Action not permitted
Modal body text goes here.
cve-2020-10714
Vulnerability from cvelistv5
Published
2020-09-23 12:28
Modified
2024-08-04 11:14
Severity ?
EPSS score ?
Summary
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1825714 | Issue Tracking, Mitigation, Vendor Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20201223-0002/ | Third Party Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| n/a | wildfly-elytron |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:14.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201223-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wildfly-elytron",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "wildfly-elytron 1.10.7.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-23T07:06:28",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201223-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wildfly-elytron",
"version": {
"version_data": [
{
"version_value": "wildfly-elytron 1.10.7.Final"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201223-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201223-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10714",
"datePublished": "2020-09-23T12:28:17",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:14:14.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-10714\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-09-23T13:15:15.233\",\"lastModified\":\"2022-11-08T13:58:38.320\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en versi\u00f3n 1.11.3.Final y anteriores de WildFly Elytron.\u0026#xa0;Cuando se usa la autenticaci\u00f3n FORM de WildFly Elytron con un ID de sesi\u00f3n en la URL, un atacante podr\u00eda llevar a cabo un ataque de fijaci\u00f3n de sesi\u00f3n.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.1},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-384\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-384\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.11.3\",\"matchCriteriaId\":\"DFA71264-A0E0-481E-A499-45BD1BA64E57\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BAF877F-B8D5-4313-AC5C-26BB82006B30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5863BBF-829E-44EF-ACE8-61D5037251F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40CCE4F-EA2C-453D-BB76-6388767E5C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20A6B40D-F991-4712-8E30-5FE008505CB7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1825714\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20201223-0002/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
rhsa-2020_4960
Vulnerability from csaf_redhat
Published
2020-11-05 18:47
Modified
2024-11-05 22:58
Summary
Red Hat Security Advisory: Red Hat Decision Manager 7.9.0 security update
Notes
Topic
An update is now available for Red Hat Decision Manager.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.
This release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* batik: SSRF via "xlink:href" (CVE-2019-17566)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* ant: insecure temporary file vulnerability (CVE-2020-1945)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)
* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)
* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Decision Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model \u0026 Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. \n\nThis release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* batik: SSRF via \"xlink:href\" (CVE-2019-17566)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)\n\n* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4960",
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhdm\u0026version=7.9.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhdm\u0026version=7.9.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1837444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
},
{
"category": "external",
"summary": "1848617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848617"
},
{
"category": "external",
"summary": "1851014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014"
},
{
"category": "external",
"summary": "1851019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019"
},
{
"category": "external",
"summary": "1851022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4960.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Decision Manager 7.9.0 security update",
"tracking": {
"current_release_date": "2024-11-05T22:58:44+00:00",
"generator": {
"date": "2024-11-05T22:58:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:4960",
"initial_release_date": "2020-11-05T18:47:03+00:00",
"revision_history": [
{
"date": "2020-11-05T18:47:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-05T18:47:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:58:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHDM 7.9.0",
"product": {
"name": "RHDM 7.9.0",
"product_id": "RHDM 7.9.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7.9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Decision Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"RHDM 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"cve": "CVE-2019-17566",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2020-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1848617"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack (SSRF) via \"xlink:href\" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: SSRF via \"xlink:href\"",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17566"
},
{
"category": "external",
"summary": "RHBZ#1848617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17566",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17566"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566"
}
],
"release_date": "2020-06-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: SSRF via \"xlink:href\""
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"cve": "CVE-2020-1945",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2020-05-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1837444"
}
],
"notes": [
{
"category": "description",
"text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ant: insecure temporary file vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1945"
},
{
"category": "external",
"summary": "RHBZ#1837444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945"
}
],
"release_date": "2020-05-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
},
{
"category": "workaround",
"details": "For versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7, set the java.io.tmpdir system property to a private directory-- only readable and writable by the current user-- before running Ant.\n\nFor versions 1.9.15 and 1.10.8, use the Ant property ant.tmpfile instead. Ant 1.10.8 protects the temporary files if the underlying filesystem allows it, but using a private temporary directory is still recommended.",
"product_ids": [
"RHDM 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ant: insecure temporary file vulnerability"
},
{
"cve": "CVE-2020-1954",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1824301"
}
],
"notes": [
{
"category": "description",
"text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: JMX integration is vulnerable to a MITM attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1954"
},
{
"category": "external",
"summary": "RHBZ#1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cxf: JMX integration is vulnerable to a MITM attack"
},
{
"cve": "CVE-2020-2875",
"discovery_date": "2020-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands in MySQL Connectors and other products.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-2875"
},
{
"category": "external",
"summary": "RHBZ#1851019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-2875",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete"
},
{
"cve": "CVE-2020-2933",
"discovery_date": "2020-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection, causing a denial of service of the MySQL Connectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-2933"
},
{
"category": "external",
"summary": "RHBZ#1851022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-2933",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS"
},
{
"cve": "CVE-2020-2934",
"discovery_date": "2020-06-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851014"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-2934"
},
{
"category": "external",
"summary": "RHBZ#1851014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-2934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"RHDM 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"RHDM 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
}
]
}
rhsa-2020_4961
Vulnerability from csaf_redhat
Published
2020-11-05 18:48
Modified
2024-11-05 22:58
Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.9.0 security update
Notes
Topic
An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* batik: SSRF via "xlink:href" (CVE-2019-17566)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* ant: insecure temporary file vulnerability (CVE-2020-1945)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)
* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)
* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* batik: SSRF via \"xlink:href\" (CVE-2019-17566)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)\n\n* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4961",
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhpam\u0026version=7.9.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhpam\u0026version=7.9.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1837444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
},
{
"category": "external",
"summary": "1848617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848617"
},
{
"category": "external",
"summary": "1851014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014"
},
{
"category": "external",
"summary": "1851019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019"
},
{
"category": "external",
"summary": "1851022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4961.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.9.0 security update",
"tracking": {
"current_release_date": "2024-11-05T22:58:36+00:00",
"generator": {
"date": "2024-11-05T22:58:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:4961",
"initial_release_date": "2020-11-05T18:48:33+00:00",
"revision_history": [
{
"date": "2020-11-05T18:48:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-05T18:48:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:58:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHPAM 7.9.0",
"product": {
"name": "RHPAM 7.9.0",
"product_id": "RHPAM 7.9.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Process Automation Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"RHPAM 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"cve": "CVE-2019-17566",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2020-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1848617"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack (SSRF) via \"xlink:href\" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: SSRF via \"xlink:href\"",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17566"
},
{
"category": "external",
"summary": "RHBZ#1848617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17566",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17566"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566"
}
],
"release_date": "2020-06-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: SSRF via \"xlink:href\""
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"cve": "CVE-2020-1945",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2020-05-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1837444"
}
],
"notes": [
{
"category": "description",
"text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ant: insecure temporary file vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1945"
},
{
"category": "external",
"summary": "RHBZ#1837444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945"
}
],
"release_date": "2020-05-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
},
{
"category": "workaround",
"details": "For versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7, set the java.io.tmpdir system property to a private directory-- only readable and writable by the current user-- before running Ant.\n\nFor versions 1.9.15 and 1.10.8, use the Ant property ant.tmpfile instead. Ant 1.10.8 protects the temporary files if the underlying filesystem allows it, but using a private temporary directory is still recommended.",
"product_ids": [
"RHPAM 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ant: insecure temporary file vulnerability"
},
{
"cve": "CVE-2020-1954",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1824301"
}
],
"notes": [
{
"category": "description",
"text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: JMX integration is vulnerable to a MITM attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1954"
},
{
"category": "external",
"summary": "RHBZ#1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cxf: JMX integration is vulnerable to a MITM attack"
},
{
"cve": "CVE-2020-2875",
"discovery_date": "2020-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands in MySQL Connectors and other products.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-2875"
},
{
"category": "external",
"summary": "RHBZ#1851019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-2875",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete"
},
{
"cve": "CVE-2020-2933",
"discovery_date": "2020-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection, causing a denial of service of the MySQL Connectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-2933"
},
{
"category": "external",
"summary": "RHBZ#1851022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-2933",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS"
},
{
"cve": "CVE-2020-2934",
"discovery_date": "2020-06-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851014"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-2934"
},
{
"category": "external",
"summary": "RHBZ#1851014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-2934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"RHPAM 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"RHPAM 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
}
]
}
rhsa-2020_3639
Vulnerability from csaf_redhat
Published
2020-09-07 12:58
Modified
2024-11-05 22:40
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
• wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n\u2022 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3639",
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1730462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462"
},
{
"category": "external",
"summary": "1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "1805006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "JBEAP-18366",
"url": "https://issues.redhat.com/browse/JBEAP-18366"
},
{
"category": "external",
"summary": "JBEAP-18667",
"url": "https://issues.redhat.com/browse/JBEAP-18667"
},
{
"category": "external",
"summary": "JBEAP-18849",
"url": "https://issues.redhat.com/browse/JBEAP-18849"
},
{
"category": "external",
"summary": "JBEAP-18880",
"url": "https://issues.redhat.com/browse/JBEAP-18880"
},
{
"category": "external",
"summary": "JBEAP-18906",
"url": "https://issues.redhat.com/browse/JBEAP-18906"
},
{
"category": "external",
"summary": "JBEAP-18919",
"url": "https://issues.redhat.com/browse/JBEAP-18919"
},
{
"category": "external",
"summary": "JBEAP-18965",
"url": "https://issues.redhat.com/browse/JBEAP-18965"
},
{
"category": "external",
"summary": "JBEAP-19040",
"url": "https://issues.redhat.com/browse/JBEAP-19040"
},
{
"category": "external",
"summary": "JBEAP-19058",
"url": "https://issues.redhat.com/browse/JBEAP-19058"
},
{
"category": "external",
"summary": "JBEAP-19120",
"url": "https://issues.redhat.com/browse/JBEAP-19120"
},
{
"category": "external",
"summary": "JBEAP-19255",
"url": "https://issues.redhat.com/browse/JBEAP-19255"
},
{
"category": "external",
"summary": "JBEAP-19271",
"url": "https://issues.redhat.com/browse/JBEAP-19271"
},
{
"category": "external",
"summary": "JBEAP-19315",
"url": "https://issues.redhat.com/browse/JBEAP-19315"
},
{
"category": "external",
"summary": "JBEAP-19463",
"url": "https://issues.redhat.com/browse/JBEAP-19463"
},
{
"category": "external",
"summary": "JBEAP-19565",
"url": "https://issues.redhat.com/browse/JBEAP-19565"
},
{
"category": "external",
"summary": "JBEAP-19587",
"url": "https://issues.redhat.com/browse/JBEAP-19587"
},
{
"category": "external",
"summary": "JBEAP-19620",
"url": "https://issues.redhat.com/browse/JBEAP-19620"
},
{
"category": "external",
"summary": "JBEAP-19624",
"url": "https://issues.redhat.com/browse/JBEAP-19624"
},
{
"category": "external",
"summary": "JBEAP-19703",
"url": "https://issues.redhat.com/browse/JBEAP-19703"
},
{
"category": "external",
"summary": "JBEAP-19704",
"url": "https://issues.redhat.com/browse/JBEAP-19704"
},
{
"category": "external",
"summary": "JBEAP-19798",
"url": "https://issues.redhat.com/browse/JBEAP-19798"
},
{
"category": "external",
"summary": "JBEAP-19837",
"url": "https://issues.redhat.com/browse/JBEAP-19837"
},
{
"category": "external",
"summary": "JBEAP-19875",
"url": "https://issues.redhat.com/browse/JBEAP-19875"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3639.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update",
"tracking": {
"current_release_date": "2024-11-05T22:40:31+00:00",
"generator": {
"date": "2024-11-05T22:40:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:3639",
"initial_release_date": "2020-09-07T12:58:06+00:00",
"revision_history": [
{
"date": "2020-09-07T12:58:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-09-07T12:58:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:40:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.2 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.2.5-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client-microprofile@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product_id": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product_id": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product_id": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product_id": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product_id": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product_id": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-4.Final_redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.9-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.9-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.2.5-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"product": {
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src"
},
"product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 8",
"product_id": "8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"acknowledgments": [
{
"names": [
"Mirko Selber"
],
"organization": "Compass Security"
}
],
"cve": "CVE-2020-1695",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-07-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1730462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1695"
},
{
"category": "external",
"summary": "RHBZ#1730462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class"
},
{
"cve": "CVE-2020-1710",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: field-name is not parsed in accordance to RFC7230",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1710"
},
{
"category": "external",
"summary": "RHBZ#1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "EAP: field-name is not parsed in accordance to RFC7230"
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"acknowledgments": [
{
"names": [
"An Trinh"
]
}
],
"cve": "CVE-2020-6950",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2019-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-6950"
},
{
"category": "external",
"summary": "RHBZ#1805006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950"
},
{
"category": "external",
"summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
"url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741",
"url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571",
"url": "https://github.com/eclipse-ee4j/mojarra/issues/4571"
},
{
"category": "external",
"summary": "https://github.com/javaserverfaces/mojarra/issues/4364",
"url": "https://github.com/javaserverfaces/mojarra/issues/4364"
}
],
"release_date": "2020-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371"
},
{
"cve": "CVE-2020-8840",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816330"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8840"
},
{
"category": "external",
"summary": "RHBZ#1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking"
},
{
"cve": "CVE-2020-9546",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in shaded-hikari-config",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9546"
},
{
"category": "external",
"summary": "RHBZ#1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in shaded-hikari-config"
},
{
"cve": "CVE-2020-9547",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in ibatis-sqlmap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9547"
},
{
"category": "external",
"summary": "RHBZ#1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in ibatis-sqlmap"
},
{
"cve": "CVE-2020-9548",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in anteros-core",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9548"
},
{
"category": "external",
"summary": "RHBZ#1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in anteros-core"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Aaron Ogburn"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10687",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1785049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10687"
},
{
"category": "external",
"summary": "RHBZ#1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"James R. Perkins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10718",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2020-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828476"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10718"
},
{
"category": "external",
"summary": "RHBZ#1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"cve": "CVE-2020-14297",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14297"
},
{
"category": "external",
"summary": "RHBZ#1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
},
{
"cve": "CVE-2020-14307",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2020-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851327"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14307"
},
{
"category": "external",
"summary": "RHBZ#1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3639"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service"
}
]
}
rhsa-2021_3140
Vulnerability from csaf_redhat
Published
2021-08-11 18:21
Modified
2024-11-05 23:50
Summary
Red Hat Security Advisory: Red Hat Fuse 7.9.0 release and security update
Notes
Topic
A minor version update (from 7.8 to 7.9) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* hawtio-osgi (CVE-2017-5645)
* prometheus-jmx-exporter: snakeyaml (CVE-2017-18640)
* apache-commons-compress (CVE-2019-12402)
* karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445)
* tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996)
* spring-cloud-config-server (CVE-2020-5410)
* velocity (CVE-2020-13936)
* httpclient: apache-httpclient (CVE-2020-13956)
* shiro-core: shiro (CVE-2020-17510)
* hibernate-core (CVE-2020-25638)
* wildfly-openssl (CVE-2020-25644)
* jetty (CVE-2020-27216, CVE-2021-28165)
* bouncycastle (CVE-2020-28052)
* wildfly (CVE-2019-14887, CVE-2020-25640)
* resteasy-jaxrs: resteasy (CVE-2020-1695)
* camel-olingo4 (CVE-2020-1925)
* springframework (CVE-2020-5421)
* jsf-impl: Mojarra (CVE-2020-6950)
* resteasy (CVE-2020-10688)
* hibernate-validator (CVE-2020-10693)
* wildfly-elytron (CVE-2020-10714)
* undertow (CVE-2020-10719)
* activemq (CVE-2020-13920)
* cxf-core: cxf (CVE-2020-13954)
* fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040)
* jboss-ejb-client: wildfly (CVE-2020-14297)
* xercesimpl: wildfly (CVE-2020-14338)
* xnio (CVE-2020-14340)
* flink: apache-flink (CVE-2020-17518)
* resteasy-client (CVE-2020-25633)
* xstream (CVE-2020-26258)
* mybatis (CVE-2020-26945)
* pdfbox (CVE-2021-27807, CVE-2021-27906)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A minor version update (from 7.8 to 7.9) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hawtio-osgi (CVE-2017-5645)\n\n* prometheus-jmx-exporter: snakeyaml (CVE-2017-18640)\n\n* apache-commons-compress (CVE-2019-12402)\n\n* karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445)\n\n* tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996)\n\n* spring-cloud-config-server (CVE-2020-5410)\n\n* velocity (CVE-2020-13936)\n\n* httpclient: apache-httpclient (CVE-2020-13956)\n\n* shiro-core: shiro (CVE-2020-17510)\n\n* hibernate-core (CVE-2020-25638)\n\n* wildfly-openssl (CVE-2020-25644)\n\n* jetty (CVE-2020-27216, CVE-2021-28165)\n\n* bouncycastle (CVE-2020-28052)\n\n* wildfly (CVE-2019-14887, CVE-2020-25640)\n\n* resteasy-jaxrs: resteasy (CVE-2020-1695)\n\n* camel-olingo4 (CVE-2020-1925)\n\n* springframework (CVE-2020-5421)\n\n* jsf-impl: Mojarra (CVE-2020-6950)\n\n* resteasy (CVE-2020-10688)\n\n* hibernate-validator (CVE-2020-10693)\n\n* wildfly-elytron (CVE-2020-10714)\n\n* undertow (CVE-2020-10719)\n\n* activemq (CVE-2020-13920)\n\n* cxf-core: cxf (CVE-2020-13954)\n\n* fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040)\n\n* jboss-ejb-client: wildfly (CVE-2020-14297)\n\n* xercesimpl: wildfly (CVE-2020-14338)\n\n* xnio (CVE-2020-14340)\n\n* flink: apache-flink (CVE-2020-17518)\n\n* resteasy-client (CVE-2020-25633)\n\n* xstream (CVE-2020-26258)\n\n* mybatis (CVE-2020-26945)\n\n* pdfbox (CVE-2021-27807, CVE-2021-27906)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:3140",
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.9.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.9.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/"
},
{
"category": "external",
"summary": "1443635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443635"
},
{
"category": "external",
"summary": "1730462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462"
},
{
"category": "external",
"summary": "1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "1764640",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764640"
},
{
"category": "external",
"summary": "1772008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772008"
},
{
"category": "external",
"summary": "1785376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785376"
},
{
"category": "external",
"summary": "1790309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790309"
},
{
"category": "external",
"summary": "1798509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509"
},
{
"category": "external",
"summary": "1805006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1806398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
},
{
"category": "external",
"summary": "1806835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835"
},
{
"category": "external",
"summary": "1814974",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814974"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459"
},
{
"category": "external",
"summary": "1838332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1838332"
},
{
"category": "external",
"summary": "1845626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845626"
},
{
"category": "external",
"summary": "1851420",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851420"
},
{
"category": "external",
"summary": "1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "1853652",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
},
{
"category": "external",
"summary": "1857024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857024"
},
{
"category": "external",
"summary": "1857040",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857040"
},
{
"category": "external",
"summary": "1860054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054"
},
{
"category": "external",
"summary": "1860218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"category": "external",
"summary": "1879042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879042"
},
{
"category": "external",
"summary": "1880101",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880101"
},
{
"category": "external",
"summary": "1881158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881158"
},
{
"category": "external",
"summary": "1881353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
},
{
"category": "external",
"summary": "1881637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637"
},
{
"category": "external",
"summary": "1885485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485"
},
{
"category": "external",
"summary": "1886587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587"
},
{
"category": "external",
"summary": "1887257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887257"
},
{
"category": "external",
"summary": "1891132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891132"
},
{
"category": "external",
"summary": "1898235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898235"
},
{
"category": "external",
"summary": "1903727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903727"
},
{
"category": "external",
"summary": "1908832",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908832"
},
{
"category": "external",
"summary": "1912881",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881"
},
{
"category": "external",
"summary": "1913312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913312"
},
{
"category": "external",
"summary": "1937440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440"
},
{
"category": "external",
"summary": "1941050",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941050"
},
{
"category": "external",
"summary": "1941055",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941055"
},
{
"category": "external",
"summary": "1945714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945714"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3140.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Fuse 7.9.0 release and security update",
"tracking": {
"current_release_date": "2024-11-05T23:50:25+00:00",
"generator": {
"date": "2024-11-05T23:50:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2021:3140",
"initial_release_date": "2021-08-11T18:21:58+00:00",
"revision_history": [
{
"date": "2021-08-11T18:21:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-08-11T18:21:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T23:50:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Fuse 7.9",
"product": {
"name": "Red Hat Fuse 7.9",
"product_id": "Red Hat Fuse 7.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_fuse:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Fuse"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-5645",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2017-04-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443635"
}
],
"notes": [
{
"category": "description",
"text": "It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j: Socket receiver deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw in Log4j-1.x is now identified by CVE-2019-17571. CVE-2017-5645 has been assigned by MITRE to a similar flaw identified in Log4j-2.x",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5645"
},
{
"category": "external",
"summary": "RHBZ#1443635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443635"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5645",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5645"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5645",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5645"
}
],
"release_date": "2017-04-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "log4j: Socket receiver deserialization vulnerability"
},
{
"cve": "CVE-2017-18640",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2019-12-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1785376"
}
],
"notes": [
{
"category": "description",
"text": "The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Billion laughs attack via alias feature",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18640"
},
{
"category": "external",
"summary": "RHBZ#1785376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18640",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18640"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18640",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18640"
}
],
"release_date": "2019-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Billion laughs attack via alias feature"
},
{
"cve": "CVE-2019-12402",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2019-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1764640"
}
],
"notes": [
{
"category": "description",
"text": "A resource consumption vulnerability was discovered in apache-commons-compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the archive being controlled by the user, may be vulnerable to this flaw. A remote attacker could exploit this flaw to cause an infinite loop during the archive creation, thus leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-compress: Infinite loop in name encoding algorithm",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the versions of apache-commons-compress as shipped with Red Hat Enterprise Linux 7, and the versions of rh-java-common-apache-commons-compress and rh-maven35-apache-commons-compress as shipped with Red Hat Software Collections 3, as they used a fallback zip encoding implementation (leveraging java.io) to encode filenames.\nThis issue does not affect the versions of rh-maven36-apache-commons-compress as shipped with Red Hat Software Collection 3 as they already include the patch.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12402"
},
{
"category": "external",
"summary": "RHBZ#1764640",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764640"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12402"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12402",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12402"
}
],
"release_date": "2019-08-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-compress: Infinite loop in name encoding algorithm"
},
{
"cve": "CVE-2019-14887",
"cwe": {
"id": "CWE-757",
"name": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)"
},
"discovery_date": "2019-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1772008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found when an OpenSSL security provider is used with Wildfly, the \u0027enabled-protocols\u0027 value in the Wildfly configuration isn\u0027t honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14887"
},
{
"category": "external",
"summary": "RHBZ#1772008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14887",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14887"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14887",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14887"
}
],
"release_date": "2020-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "Avoid using an OpenSSL security provider and instead use the default configuration or regular JSSE provider with \u0027TLS\u0027.",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use"
},
{
"cve": "CVE-2019-16869",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1758619"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-16869"
},
{
"category": "external",
"summary": "RHBZ#1758619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16869"
}
],
"release_date": "2019-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers"
},
{
"cve": "CVE-2019-20445",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-01-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1798509"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a server, it could result in a viable HTTP smuggling vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships a vulnerable version of netty embedded in Candlepin. However, the flaw can not be triggered in that context, because HTTP requests are handled by Tomcat, not by netty. A future release may fix this.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20445"
},
{
"category": "external",
"summary": "RHBZ#1798509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798509"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20445"
}
],
"release_date": "2020-01-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header"
},
{
"acknowledgments": [
{
"names": [
"Mirko Selber"
],
"organization": "Compass Security"
}
],
"cve": "CVE-2020-1695",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-07-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1730462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1695"
},
{
"category": "external",
"summary": "RHBZ#1730462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class"
},
{
"cve": "CVE-2020-1925",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2020-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1790309"
}
],
"notes": [
{
"category": "description",
"text": "Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "olingo-odata: Server side request forgery in AsyncResponseWrapperImpl",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1925"
},
{
"category": "external",
"summary": "RHBZ#1790309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790309"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1925",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1925"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1925",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1925"
}
],
"release_date": "2020-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "olingo-odata: Server side request forgery in AsyncResponseWrapperImpl"
},
{
"acknowledgments": [
{
"names": [
"@ZeddYu"
],
"organization": "Apache Tomcat Security Team"
}
],
"cve": "CVE-2020-1935",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-12-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1806835"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight in Red Hat OpenStack 10 \u0026 13 was in technical preview status, because of this no fixes will be released for it.\n\nIn Red Hat Satellite 6, Candlepin is using Tomcat to provide a REST API, and has been found to be vulnerable to the flaw. However, it is currently believed that no useful attacks can be carried over.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1935"
},
{
"category": "external",
"summary": "RHBZ#1806835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806835"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1935",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1935"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
}
],
"release_date": "2020-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "Workaround for Red Hat Satellite 6 is to add iptables rule to deny TCP requests of Tomcat that are not originating from the Satellite.\n\nFor other Red Hat products, either mitigation isn\u0027t available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling"
},
{
"cve": "CVE-2020-1938",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1806398"
}
],
"notes": [
{
"category": "description",
"text": "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1938"
},
{
"category": "external",
"summary": "RHBZ#1806398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806398"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1938"
},
{
"category": "external",
"summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
"url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
},
{
"category": "external",
"summary": "https://www.cnvd.org.cn/webinfo/show/5415",
"url": "https://www.cnvd.org.cn/webinfo/show/5415"
},
{
"category": "external",
"summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
"url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-03T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability"
},
{
"cve": "CVE-2020-5410",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2020-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1845626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in spring-cloud-config in versions prior to 2.1.9 and 2.2.3. Applications are allowed to serve arbitrary configuration files through the spring-cloud-config-server module allowing an attacker to send a request using a specially crafted URL to create a directory traversal attack. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-5410"
},
{
"category": "external",
"summary": "RHBZ#1845626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-5410",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5410"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5410"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-05-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "Users of vulnerable versions or older, unsupported versions of spring-cloud-config-server should upgrade to a patched version. Spring-cloud-config-server should only be accessible on internal networks.",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack"
},
{
"cve": "CVE-2020-5421",
"discovery_date": "2020-09-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1881158"
}
],
"notes": [
{
"category": "description",
"text": "In Spring Framework, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: RFD protection bypass via jsessionid",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the version of SpringFramework (embedded in rhvm-dependencies) shipped with Red Hat Virtualization, as it does not provide support for spring-web.\n\nIn Red Hat Gluster Storage 3, SpringFramework (embedded in rhvm-dependencies) was shipped as a part of Red Hat Gluster Storage Console that is no longer supported for use with Red Hat Gluster Storage 3.5. However, spring-web is not included in the shipped version of SpringFramework.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-5421"
},
{
"category": "external",
"summary": "RHBZ#1881158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881158"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-5421",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5421"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-5421",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5421"
}
],
"release_date": "2020-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: RFD protection bypass via jsessionid"
},
{
"acknowledgments": [
{
"names": [
"An Trinh"
]
}
],
"cve": "CVE-2020-6950",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2019-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-6950"
},
{
"category": "external",
"summary": "RHBZ#1805006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950"
},
{
"category": "external",
"summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
"url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741",
"url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571",
"url": "https://github.com/eclipse-ee4j/mojarra/issues/4571"
},
{
"category": "external",
"summary": "https://github.com/javaserverfaces/mojarra/issues/4364",
"url": "https://github.com/javaserverfaces/mojarra/issues/4364"
}
],
"release_date": "2020-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371"
},
{
"cve": "CVE-2020-9484",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-05-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1838332"
}
],
"notes": [
{
"category": "description",
"text": "A deserialization flaw was discovered in Apache Tomcat\u0027s use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: deserialization flaw in session persistence storage leading to RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Enterprise Linux 8, Red Hat Certificate System 10 and Identity Management are using the pki-servlet-engine component, which embeds a vulnerable version of Tomcat. However, in these specific contexts, the prerequisites to the vulnerability are not met. The PersistentManager is not set, and a SecurityManager is used. The use of pki-servlet-engine outside of these contexts is not supported. As a result, the vulnerability can not be triggered in supported configurations of these products. A future update may update Tomcat in pki-servlet-engine.\n\nRed Hat Satellite do not ship Tomcat and rather use its configuration. The product is not affected because configuration does not make use of PersistanceManager or FileStore. Tomcat updates can be obtain from Red Hat Enterprise Linux (RHEL) RHSA.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9484"
},
{
"category": "external",
"summary": "RHBZ#1838332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1838332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9484",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9484"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9484",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9484"
},
{
"category": "external",
"summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202005.mbox/%3Ce3a0a517-bf82-ba62-0af6-24b83ea0e4e2%40apache.org%3E",
"url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202005.mbox/%3Ce3a0a517-bf82-ba62-0af6-24b83ea0e4e2%40apache.org%3E"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M5",
"url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M5"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104",
"url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35",
"url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35"
}
],
"release_date": "2020-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "Users may configure the PersistenceManager with an appropriate value for sessionAttributeValueClassNameFilter to ensure that only application provided attributes are serialized and deserialized. For more details about the configuration, refer to the Apache Tomcat 9 Configuration Reference https://tomcat.apache.org/tomcat-9.0-doc/config/manager.html.",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: deserialization flaw in session persistence storage leading to RCE"
},
{
"cve": "CVE-2020-10688",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1814974"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting (XSS) flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10688"
},
{
"category": "external",
"summary": "RHBZ#1814974",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1814974"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10688",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10688"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10688",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10688"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/issues/7248",
"url": "https://github.com/quarkusio/quarkus/issues/7248"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RESTEASY-2519",
"url": "https://issues.redhat.com/browse/RESTEASY-2519"
}
],
"release_date": "2020-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"ZeddYu"
]
}
],
"cve": "CVE-2020-10719",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828459"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: invalid HTTP request with large chunk size",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10719"
},
{
"category": "external",
"summary": "RHBZ#1828459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10719",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719"
}
],
"release_date": "2020-05-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: invalid HTTP request with large chunk size"
},
{
"cve": "CVE-2020-11996",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851420"
}
],
"notes": [
{
"category": "description",
"text": "A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of RHOSP14 and is only receiving security fixes for Important and Critical flaws.\nApache Tomcat versions as shipped with Red Hat Enterprise Linux 6 and 7 are not affected by this flaw as it doesn\u0027t support HTTP/2 protocol.\nRed Hat Enterprise Linux 8\u0027s Identity Management is using an affected version of Tomcat bundled within PKI servlet engine, however HTTP/2 protocol is not supported by this component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11996"
},
{
"category": "external",
"summary": "RHBZ#1851420",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851420"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11996",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11996"
},
{
"category": "external",
"summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202006.mbox/%3Cfd56bc1d-1219-605b-99c7-946bf7bd8ad4%40apache.org%3E",
"url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202006.mbox/%3Cfd56bc1d-1219-605b-99c7-946bf7bd8ad4%40apache.org%3E"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M6",
"url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M6"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.56",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.56"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.36",
"url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.36"
}
],
"release_date": "2020-06-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS"
},
{
"cve": "CVE-2020-13920",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2020-09-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1880101"
}
],
"notes": [
{
"category": "description",
"text": "Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the \"jmxrmi\" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "activemq: improper authentication allows MITM attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13920"
},
{
"category": "external",
"summary": "RHBZ#1880101",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880101"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13920",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13920"
}
],
"release_date": "2020-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "activemq: improper authentication allows MITM attack"
},
{
"cve": "CVE-2020-13934",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1857040"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests are made, an OutOfMemoryException could occur, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Certificate System 10.0 and Red Hat Enterprise Linux 8\u0027s Identity Management, are using a vulnerable version of Tomcat that is bundled into the pki-servlet-engine component. However, HTTP/2 is not enabled in such a configuration, and it is not possible to trigger the flaw in a supported setup. A future update may fix the code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13934"
},
{
"category": "external",
"summary": "RHBZ#1857040",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857040"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13934"
},
{
"category": "external",
"summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3Cad62f54e-8fd7-e326-25f1-3bdf1ffa3818%40apache.org%3E",
"url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3Cad62f54e-8fd7-e326-25f1-3bdf1ffa3818%40apache.org%3E"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7",
"url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105",
"url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37",
"url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37"
}
],
"release_date": "2020-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS"
},
{
"cve": "CVE-2020-13935",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1857024"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Certificate System 10.0 as well as Red Hat Enterprise Linux 8\u0027s Identity Management, are using a vulnerable version of Tomcat, bundled into the pki-servlet-engine component. However, there is no entry point for WebSockets, thus it is not possible to trigger the flaw in a supported setup. A future update may fix the code. Similarly, Red Hat OpenStack Platform 13 does not ship with WebSocket functionality enabled by default.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13935"
},
{
"category": "external",
"summary": "RHBZ#1857024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1857024"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13935",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13935"
},
{
"category": "external",
"summary": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E",
"url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7",
"url": "http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105",
"url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37",
"url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37"
}
],
"release_date": "2020-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS"
},
{
"cve": "CVE-2020-13936",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1937440"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "velocity: arbitrary code execution when attacker is able to modify templates",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) openshift-logging/elasticsearch6-rhel8 container does contain a vulnerable version of velocity. The references to the library only occur in the x-pack component which is an enterprise-only feature of Elasticsearch - hence it has been marked as wontfix as this time and may be fixed in a future release. Additionally the hive container only references velocity in the testutils of the code but the code still exists in the container, as such it has been given a Moderate impact.\n\n* Velocity as shipped with Red Hat Enterprise Linux 6 is not affected because it does not contain the vulnerable code.\n\n* Velocity as shipped with Red Hat Enterprise Linux 7 contains a vulnerable version, but it is used as a dependency for IdM/ipa, which does not use the vulnerable functionality. It has been marked as Moderate for this reason.\n\n* Although velocity shipped in Red Hat Enterprise Linux 8\u0027s pki-deps:10.6 for IdM/ipa is a vulnerable version, the vulnerable code is not used by pki. It has been marked as Low for this reason.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13936"
},
{
"category": "external",
"summary": "RHBZ#1937440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936"
}
],
"release_date": "2021-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "velocity: arbitrary code execution when attacker is able to modify templates"
},
{
"cve": "CVE-2020-13954",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-11-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1898235"
}
],
"notes": [
{
"category": "description",
"text": "By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: XSS via the styleSheetPath",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13954"
},
{
"category": "external",
"summary": "RHBZ#1898235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13954"
}
],
"release_date": "2020-11-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "Users can disable the service listing altogether by setting the \"hide-service-list-page\" servlet parameter to \"true\".",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cxf: XSS via the styleSheetPath"
},
{
"cve": "CVE-2020-13956",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-10-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1886587"
}
],
"notes": [
{
"category": "description",
"text": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-httpclient: incorrect handling of malformed authority component in request URIs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable httpclient library to authenticated users only. Additionally the vulnerable httpclient library is not used directly in OCP components, therefore the impact by this vulnerability is Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\nIn the Red Hat Enterprise Linux platforms, Maven 35 and 36 are affected via their respective `httpcomponents-client` component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13956"
},
{
"category": "external",
"summary": "RHBZ#1886587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2020/10/08/4",
"url": "https://www.openwall.com/lists/oss-security/2020/10/08/4"
}
],
"release_date": "2020-10-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-httpclient: incorrect handling of malformed authority component in request URIs"
},
{
"cve": "CVE-2020-14040",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2020-06-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853652"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14040"
},
{
"category": "external",
"summary": "RHBZ#1853652",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/39491",
"url": "https://github.com/golang/go/issues/39491"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0",
"url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0"
}
],
"release_date": "2020-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash"
},
{
"cve": "CVE-2020-14297",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14297"
},
{
"category": "external",
"summary": "RHBZ#1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
},
{
"cve": "CVE-2020-14338",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1860054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the \"use-grammar-pool-only\" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14338"
},
{
"category": "external",
"summary": "RHBZ#1860054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14338",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338"
}
],
"release_date": "2020-08-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl"
},
{
"acknowledgments": [
{
"names": [
"Masafumi Miura"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-14340",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1860218"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14340"
},
{
"category": "external",
"summary": "RHBZ#1860218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14340",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340"
}
],
"release_date": "2020-07-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS"
},
{
"cve": "CVE-2020-17510",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2020-11-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1903727"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache shiro. When using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. This highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shiro: specially crafted HTTP request may cause an authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Whilst the OpenDaylight version that is included in Red Hat OpenStack Platform includes the affected code, the vulnerable function is not used and therefore not exploitable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-17510"
},
{
"category": "external",
"summary": "RHBZ#1903727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903727"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-17510",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-17510"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-17510",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17510"
}
],
"release_date": "2020-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "shiro: specially crafted HTTP request may cause an authentication bypass"
},
{
"cve": "CVE-2020-17518",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2021-01-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1913312"
}
],
"notes": [
{
"category": "description",
"text": "Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-flink: directory traversal attack allows remote file writing through the REST API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-17518"
},
{
"category": "external",
"summary": "RHBZ#1913312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913312"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-17518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-17518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-17518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17518"
}
],
"release_date": "2021-01-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-flink: directory traversal attack allows remote file writing through the REST API"
},
{
"cve": "CVE-2020-25633",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2020-09-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1879042"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. This flaw allows client users to obtain the server\u0027s potentially sensitive information when the server receives the WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client\u0027s WebApplicationException handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25633"
},
{
"category": "external",
"summary": "RHBZ#1879042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879042"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25633",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25633"
}
],
"release_date": "2020-09-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client\u0027s WebApplicationException handling"
},
{
"cve": "CVE-2020-25638",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2020-09-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1881353"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Process Automation Manager and Red Hat Decision Manager, the kie-server-ee7 zip is primarily for Weblogic/Websphere which is decided to stay on hibernate 5.1.x, it\u0027s not possible to make an upgrade to 5.3.x due to technical reasons. For this reason this fix is included only for kie-server-ee7. For this reason there are two components for RHPAM and RHDM.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25638"
},
{
"category": "external",
"summary": "RHBZ#1881353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25638"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638"
}
],
"release_date": "2020-10-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "Set hibernate.use_sql_comments to false, which is the default value, or use named parameters instead of literals. Please refer to details in https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#configurations-logging and https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#sql-query-parameters.",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used"
},
{
"cve": "CVE-2020-25640",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2020-09-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1881637"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in wildfly. JMS passwords are logged by the resource adaptor in plain text at the warning level when a connection error occurs allowing any user that has access to the log to gain access to this sensitive information. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: resource adapter logs plaintext JMS password at warning level on connection error",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25640"
},
{
"category": "external",
"summary": "RHBZ#1881637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25640",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25640"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25640",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25640"
},
{
"category": "external",
"summary": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13",
"url": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13"
}
],
"release_date": "2020-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: resource adapter logs plaintext JMS password at warning level on connection error"
},
{
"cve": "CVE-2020-25644",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2020-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1885485"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25644"
},
{
"category": "external",
"summary": "RHBZ#1885485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25644",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644"
}
],
"release_date": "2020-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL"
},
{
"cve": "CVE-2020-26258",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2020-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1908832"
}
],
"notes": [
{
"category": "description",
"text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream\u0027s Security Framework with a whitelist! Anyone relying on XStream\u0027s default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) delivers jenkins package with bundled XStream library. Due to JEP-200 Jenkins project [1] and advisory SECURITY-383 [2], OCP jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://www.jenkins.io/security/advisory/2017-02-01/ (see SECURITY-383 / CVE-2017-2608)",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26258"
},
{
"category": "external",
"summary": "RHBZ#1908832",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908832"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26258",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26258"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26258",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26258"
}
],
"release_date": "2020-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "As recommended, use XStream\u0027s security framework to implement a whitelist for the allowed types.\n\nUsers of XStream 1.4.14 who insist to use XStream default blacklist - despite that clear recommendation - can simply add two lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.13 who want to use XStream default blacklist can simply add three lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.12 to 1.4.7 who want to use XStream with a blacklist will have to setup such a list from scratch and deny at least the following types: javax.imageio.ImageIO$ContainsFilter, java.beans.EventHandler, java.lang.ProcessBuilder, jdk.nashorn.internal.objects.NativeString, java.lang.Void and void and deny several types by name pattern.\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\$LazyIterator\", \"javax\\\\.crypto\\\\..*\", \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.6 or below can register an own converter to prevent the unmarshalling of the currently know critical types of the Java runtime. It is in fact an updated version of the workaround for CVE-2013-7285:\n\nxstream.registerConverter(new Converter() {\n public boolean canConvert(Class type) {\n return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class\n || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || type.getName().equals(\"jdk.nashorn.internal.objects.NativeString\")\n || type == java.lang.Void.class || void.class || Proxy.isProxy(type)\n || type.getName().startsWith(\"javax.crypto.\") || type.getName().endsWith(\"$LazyIterator\") || type.getName().endsWith(\".ReadAllStream$FileStream\"));\n }\n\n public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n\n public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n}, XStream.PRIORITY_LOW);",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling"
},
{
"cve": "CVE-2020-26945",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1887257"
}
],
"notes": [
{
"category": "description",
"text": "MyBatis before 3.5.6 mishandles deserialization of object streams.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mybatis: mishandles deserialization of object streams which could result in remote code execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26945"
},
{
"category": "external",
"summary": "RHBZ#1887257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887257"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26945"
}
],
"release_date": "2020-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mybatis: mishandles deserialization of object streams which could result in remote code execution"
},
{
"cve": "CVE-2020-27216",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2020-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1891132"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system\u0027s temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: local temporary directory hijacking vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27216"
},
{
"category": "external",
"summary": "RHBZ#1891132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27216",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27216"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053"
}
],
"release_date": "2020-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "Jetty users should create temp folders outside the normal /tmp structure, and ensure that their permissions are set so as not to be accessible by an attacker.",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: local temporary directory hijacking vulnerability"
},
{
"cve": "CVE-2020-28052",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2021-01-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1912881"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28052"
},
{
"category": "external",
"summary": "RHBZ#1912881",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28052",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28052"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052"
}
],
"release_date": "2020-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
},
{
"category": "workaround",
"details": "Users unable to upgrade to version 1.67 or greater can copy the `OpenBSDBCrypt.doCheckPassword()` method implementation (https://github.com/bcgit/bc-java/blob/r1rv67/core/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java#L259-L343) into their own utility class and supplement it with the required methods and variables as required",
"product_ids": [
"Red Hat Fuse 7.9"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible"
},
{
"cve": "CVE-2021-27568",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1939839"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vulnerability is to data confidentiality and system availability.\r\n\r\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of json-smart package.\r\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\r\nThis may be fixed in the future.\r\n\r\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: uncaught exception may lead to crash or information disclosure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27568"
},
{
"category": "external",
"summary": "RHBZ#1939839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939839"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27568",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27568",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27568"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "json-smart: uncaught exception may lead to crash or information disclosure"
},
{
"cve": "CVE-2021-27807",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2021-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1941055"
}
],
"notes": [
{
"category": "description",
"text": "A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pdfbox: infinite loop while loading a crafted PDF file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27807"
},
{
"category": "external",
"summary": "RHBZ#1941055",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941055"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27807"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27807",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27807"
}
],
"release_date": "2021-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pdfbox: infinite loop while loading a crafted PDF file"
},
{
"cve": "CVE-2021-27906",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1941050"
}
],
"notes": [
{
"category": "description",
"text": "A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pdfbox: OutOfMemory-Exception while loading a crafted PDF file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27906"
},
{
"category": "external",
"summary": "RHBZ#1941050",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941050"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27906"
}
],
"release_date": "2021-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pdfbox: OutOfMemory-Exception while loading a crafted PDF file"
},
{
"cve": "CVE-2021-28165",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1945714"
}
],
"notes": [
{
"category": "description",
"text": "When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Resource exhaustion when receiving an invalid large TLS frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28165"
},
{
"category": "external",
"summary": "RHBZ#1945714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w"
}
],
"release_date": "2021-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T18:21:58+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.9.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/",
"product_ids": [
"Red Hat Fuse 7.9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:3140"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.9"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Resource exhaustion when receiving an invalid large TLS frame"
}
]
}
rhsa-2020_3637
Vulnerability from csaf_redhat
Published
2020-09-07 12:57
Modified
2024-11-05 22:40
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
• wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n\u2022 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3637",
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1730462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462"
},
{
"category": "external",
"summary": "1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "1805006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "JBEAP-18366",
"url": "https://issues.redhat.com/browse/JBEAP-18366"
},
{
"category": "external",
"summary": "JBEAP-18667",
"url": "https://issues.redhat.com/browse/JBEAP-18667"
},
{
"category": "external",
"summary": "JBEAP-18849",
"url": "https://issues.redhat.com/browse/JBEAP-18849"
},
{
"category": "external",
"summary": "JBEAP-18880",
"url": "https://issues.redhat.com/browse/JBEAP-18880"
},
{
"category": "external",
"summary": "JBEAP-18906",
"url": "https://issues.redhat.com/browse/JBEAP-18906"
},
{
"category": "external",
"summary": "JBEAP-18919",
"url": "https://issues.redhat.com/browse/JBEAP-18919"
},
{
"category": "external",
"summary": "JBEAP-18965",
"url": "https://issues.redhat.com/browse/JBEAP-18965"
},
{
"category": "external",
"summary": "JBEAP-19038",
"url": "https://issues.redhat.com/browse/JBEAP-19038"
},
{
"category": "external",
"summary": "JBEAP-19058",
"url": "https://issues.redhat.com/browse/JBEAP-19058"
},
{
"category": "external",
"summary": "JBEAP-19120",
"url": "https://issues.redhat.com/browse/JBEAP-19120"
},
{
"category": "external",
"summary": "JBEAP-19255",
"url": "https://issues.redhat.com/browse/JBEAP-19255"
},
{
"category": "external",
"summary": "JBEAP-19271",
"url": "https://issues.redhat.com/browse/JBEAP-19271"
},
{
"category": "external",
"summary": "JBEAP-19315",
"url": "https://issues.redhat.com/browse/JBEAP-19315"
},
{
"category": "external",
"summary": "JBEAP-19463",
"url": "https://issues.redhat.com/browse/JBEAP-19463"
},
{
"category": "external",
"summary": "JBEAP-19565",
"url": "https://issues.redhat.com/browse/JBEAP-19565"
},
{
"category": "external",
"summary": "JBEAP-19587",
"url": "https://issues.redhat.com/browse/JBEAP-19587"
},
{
"category": "external",
"summary": "JBEAP-19620",
"url": "https://issues.redhat.com/browse/JBEAP-19620"
},
{
"category": "external",
"summary": "JBEAP-19624",
"url": "https://issues.redhat.com/browse/JBEAP-19624"
},
{
"category": "external",
"summary": "JBEAP-19703",
"url": "https://issues.redhat.com/browse/JBEAP-19703"
},
{
"category": "external",
"summary": "JBEAP-19704",
"url": "https://issues.redhat.com/browse/JBEAP-19704"
},
{
"category": "external",
"summary": "JBEAP-19798",
"url": "https://issues.redhat.com/browse/JBEAP-19798"
},
{
"category": "external",
"summary": "JBEAP-19837",
"url": "https://issues.redhat.com/browse/JBEAP-19837"
},
{
"category": "external",
"summary": "JBEAP-19875",
"url": "https://issues.redhat.com/browse/JBEAP-19875"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3637.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update",
"tracking": {
"current_release_date": "2024-11-05T22:40:48+00:00",
"generator": {
"date": "2024-11-05T22:40:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:3637",
"initial_release_date": "2020-09-07T12:57:26+00:00",
"revision_history": [
{
"date": "2020-09-07T12:57:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-09-07T12:57:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:40:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.2.5-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client-microprofile@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product": {
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product": {
"name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product_id": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product": {
"name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product_id": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product": {
"name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product_id": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product": {
"name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product_id": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product": {
"name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product_id": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product": {
"name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product_id": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-4.Final_redhat_00004.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.9-4.GA_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.9-4.GA_redhat_00003.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.2.5-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"product": {
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"product": {
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch"
},
"product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src"
},
"product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch"
},
"product_reference": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch"
},
"product_reference": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch"
},
"product_reference": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch"
},
"product_reference": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch"
},
"product_reference": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch"
},
"product_reference": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src"
},
"product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"acknowledgments": [
{
"names": [
"Mirko Selber"
],
"organization": "Compass Security"
}
],
"cve": "CVE-2020-1695",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-07-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1730462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1695"
},
{
"category": "external",
"summary": "RHBZ#1730462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class"
},
{
"cve": "CVE-2020-1710",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: field-name is not parsed in accordance to RFC7230",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1710"
},
{
"category": "external",
"summary": "RHBZ#1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "EAP: field-name is not parsed in accordance to RFC7230"
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"acknowledgments": [
{
"names": [
"An Trinh"
]
}
],
"cve": "CVE-2020-6950",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2019-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-6950"
},
{
"category": "external",
"summary": "RHBZ#1805006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950"
},
{
"category": "external",
"summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
"url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741",
"url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571",
"url": "https://github.com/eclipse-ee4j/mojarra/issues/4571"
},
{
"category": "external",
"summary": "https://github.com/javaserverfaces/mojarra/issues/4364",
"url": "https://github.com/javaserverfaces/mojarra/issues/4364"
}
],
"release_date": "2020-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371"
},
{
"cve": "CVE-2020-8840",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816330"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8840"
},
{
"category": "external",
"summary": "RHBZ#1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking"
},
{
"cve": "CVE-2020-9546",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in shaded-hikari-config",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9546"
},
{
"category": "external",
"summary": "RHBZ#1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in shaded-hikari-config"
},
{
"cve": "CVE-2020-9547",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in ibatis-sqlmap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9547"
},
{
"category": "external",
"summary": "RHBZ#1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in ibatis-sqlmap"
},
{
"cve": "CVE-2020-9548",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in anteros-core",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9548"
},
{
"category": "external",
"summary": "RHBZ#1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in anteros-core"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Aaron Ogburn"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10687",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1785049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10687"
},
{
"category": "external",
"summary": "RHBZ#1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"James R. Perkins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10718",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2020-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828476"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10718"
},
{
"category": "external",
"summary": "RHBZ#1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"cve": "CVE-2020-14297",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14297"
},
{
"category": "external",
"summary": "RHBZ#1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
},
{
"cve": "CVE-2020-14307",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2020-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851327"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14307"
},
{
"category": "external",
"summary": "RHBZ#1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:57:26+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3637"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service"
}
]
}
rhsa-2020_3638
Vulnerability from csaf_redhat
Published
2020-09-07 12:58
Modified
2024-11-05 22:40
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
• wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n\u2022 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3638",
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1730462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462"
},
{
"category": "external",
"summary": "1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "1805006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "JBEAP-18366",
"url": "https://issues.redhat.com/browse/JBEAP-18366"
},
{
"category": "external",
"summary": "JBEAP-18667",
"url": "https://issues.redhat.com/browse/JBEAP-18667"
},
{
"category": "external",
"summary": "JBEAP-18849",
"url": "https://issues.redhat.com/browse/JBEAP-18849"
},
{
"category": "external",
"summary": "JBEAP-18880",
"url": "https://issues.redhat.com/browse/JBEAP-18880"
},
{
"category": "external",
"summary": "JBEAP-18906",
"url": "https://issues.redhat.com/browse/JBEAP-18906"
},
{
"category": "external",
"summary": "JBEAP-18919",
"url": "https://issues.redhat.com/browse/JBEAP-18919"
},
{
"category": "external",
"summary": "JBEAP-18965",
"url": "https://issues.redhat.com/browse/JBEAP-18965"
},
{
"category": "external",
"summary": "JBEAP-19039",
"url": "https://issues.redhat.com/browse/JBEAP-19039"
},
{
"category": "external",
"summary": "JBEAP-19058",
"url": "https://issues.redhat.com/browse/JBEAP-19058"
},
{
"category": "external",
"summary": "JBEAP-19120",
"url": "https://issues.redhat.com/browse/JBEAP-19120"
},
{
"category": "external",
"summary": "JBEAP-19255",
"url": "https://issues.redhat.com/browse/JBEAP-19255"
},
{
"category": "external",
"summary": "JBEAP-19271",
"url": "https://issues.redhat.com/browse/JBEAP-19271"
},
{
"category": "external",
"summary": "JBEAP-19315",
"url": "https://issues.redhat.com/browse/JBEAP-19315"
},
{
"category": "external",
"summary": "JBEAP-19463",
"url": "https://issues.redhat.com/browse/JBEAP-19463"
},
{
"category": "external",
"summary": "JBEAP-19565",
"url": "https://issues.redhat.com/browse/JBEAP-19565"
},
{
"category": "external",
"summary": "JBEAP-19587",
"url": "https://issues.redhat.com/browse/JBEAP-19587"
},
{
"category": "external",
"summary": "JBEAP-19620",
"url": "https://issues.redhat.com/browse/JBEAP-19620"
},
{
"category": "external",
"summary": "JBEAP-19624",
"url": "https://issues.redhat.com/browse/JBEAP-19624"
},
{
"category": "external",
"summary": "JBEAP-19703",
"url": "https://issues.redhat.com/browse/JBEAP-19703"
},
{
"category": "external",
"summary": "JBEAP-19704",
"url": "https://issues.redhat.com/browse/JBEAP-19704"
},
{
"category": "external",
"summary": "JBEAP-19798",
"url": "https://issues.redhat.com/browse/JBEAP-19798"
},
{
"category": "external",
"summary": "JBEAP-19837",
"url": "https://issues.redhat.com/browse/JBEAP-19837"
},
{
"category": "external",
"summary": "JBEAP-19875",
"url": "https://issues.redhat.com/browse/JBEAP-19875"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3638.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update",
"tracking": {
"current_release_date": "2024-11-05T22:40:58+00:00",
"generator": {
"date": "2024-11-05T22:40:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:3638",
"initial_release_date": "2020-09-07T12:58:33+00:00",
"revision_history": [
{
"date": "2020-09-07T12:58:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-09-07T12:58:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:40:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.2.5-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client-microprofile@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-ejb@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-jta@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-web@3.0.6-4.Final_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2@1.3.1-13.Final_redhat_00014.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.2.9-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.2.5-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"product_id": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.6.1-10.SP9_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.6-4.SP3_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.9.10.4-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.6.8-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-13.SP3_redhat_00011.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@2.3.5-7.SP2_redhat_00005.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"product_id": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-weld-core@3.0.6-4.Final_redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-modules@1.8.10-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.11-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.0.23-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.3.1-13.Final_redhat_00014.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.2.9-4.GA_redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.2 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"acknowledgments": [
{
"names": [
"Mirko Selber"
],
"organization": "Compass Security"
}
],
"cve": "CVE-2020-1695",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-07-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1730462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1695"
},
{
"category": "external",
"summary": "RHBZ#1730462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class"
},
{
"cve": "CVE-2020-1710",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: field-name is not parsed in accordance to RFC7230",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1710"
},
{
"category": "external",
"summary": "RHBZ#1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "EAP: field-name is not parsed in accordance to RFC7230"
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"acknowledgments": [
{
"names": [
"An Trinh"
]
}
],
"cve": "CVE-2020-6950",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2019-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-6950"
},
{
"category": "external",
"summary": "RHBZ#1805006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950"
},
{
"category": "external",
"summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
"url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741",
"url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571",
"url": "https://github.com/eclipse-ee4j/mojarra/issues/4571"
},
{
"category": "external",
"summary": "https://github.com/javaserverfaces/mojarra/issues/4364",
"url": "https://github.com/javaserverfaces/mojarra/issues/4364"
}
],
"release_date": "2020-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371"
},
{
"cve": "CVE-2020-8840",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816330"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8840"
},
{
"category": "external",
"summary": "RHBZ#1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking"
},
{
"cve": "CVE-2020-9546",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in shaded-hikari-config",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9546"
},
{
"category": "external",
"summary": "RHBZ#1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in shaded-hikari-config"
},
{
"cve": "CVE-2020-9547",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in ibatis-sqlmap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9547"
},
{
"category": "external",
"summary": "RHBZ#1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in ibatis-sqlmap"
},
{
"cve": "CVE-2020-9548",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in anteros-core",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9548"
},
{
"category": "external",
"summary": "RHBZ#1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in anteros-core"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Aaron Ogburn"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10687",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1785049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10687"
},
{
"category": "external",
"summary": "RHBZ#1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"James R. Perkins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10718",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2020-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828476"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10718"
},
{
"category": "external",
"summary": "RHBZ#1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"cve": "CVE-2020-14297",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14297"
},
{
"category": "external",
"summary": "RHBZ#1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
},
{
"cve": "CVE-2020-14307",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2020-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851327"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14307"
},
{
"category": "external",
"summary": "RHBZ#1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T12:58:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, which includes the changes described in this advisory, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3638"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-cli-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-core-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap6.4-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly10.1-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly11.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly12.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly13.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly14.0-server-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly8.2-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-server-migration-wildfly9.0-to-eap7.2-0:1.3.1-13.Final_redhat_00014.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-resteasy-atom-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-cdi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-client-microprofile-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-crypto-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jackson2-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxb-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jaxrs-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jettison-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jose-jwt-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-jsapi-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-binding-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-json-p-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-multipart-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-rxjava2-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-spring-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-validator-provider-11-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-resteasy-yaml-provider-0:3.6.1-10.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-undertow-server-0:1.2.5-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-weld-core-impl-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-core-jsf-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-ejb-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-jta-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-probe-core-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-weld-web-0:3.0.6-4.Final_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.2:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk11-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-java-jdk8-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-javadocs-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-modules-0:7.2.9-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.2:eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service"
}
]
}
rhsa-2020_3779
Vulnerability from csaf_redhat
Published
2020-09-17 13:07
Modified
2024-11-05 22:42
Summary
Red Hat Security Advisory: Red Hat Data Grid 7.3.7 security update
Notes
Topic
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.
Security Fix(es):
* jetty: Incorrect header handling (CVE-2017-7658)
* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
* undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)
* jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)
* jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)
* jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)
* jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
* jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)
* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)
* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
* resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
* log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Data Grid is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.\n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.\n\nSecurity Fix(es):\n\n* jetty: Incorrect header handling (CVE-2017-7658)\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\n* jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)\n\n* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)\n\n* resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n* log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3779",
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=7.3",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=7.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index"
},
{
"category": "external",
"summary": "1595621",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595621"
},
{
"category": "external",
"summary": "1715075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075"
},
{
"category": "external",
"summary": "1730462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462"
},
{
"category": "external",
"summary": "1752770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770"
},
{
"category": "external",
"summary": "1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "1796617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617"
},
{
"category": "external",
"summary": "1807305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "1819208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819208"
},
{
"category": "external",
"summary": "1819212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819212"
},
{
"category": "external",
"summary": "1821304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821304"
},
{
"category": "external",
"summary": "1821311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821311"
},
{
"category": "external",
"summary": "1821315",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821315"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1826798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826798"
},
{
"category": "external",
"summary": "1826805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826805"
},
{
"category": "external",
"summary": "1831139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831139"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3779.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Data Grid 7.3.7 security update",
"tracking": {
"current_release_date": "2024-11-05T22:42:47+00:00",
"generator": {
"date": "2024-11-05T22:42:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:3779",
"initial_release_date": "2020-09-17T13:07:49+00:00",
"revision_history": [
{
"date": "2020-09-17T13:07:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-09-17T13:07:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:42:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Data Grid 7.3.7",
"product": {
"name": "Red Hat Data Grid 7.3.7",
"product_id": "Red Hat Data Grid 7.3.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_data_grid:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Data Grid"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-7656",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2018-06-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1595639"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP request smuggling using the range header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of jetty embedded in the nutch package as shipped with Red Hat Satellite 5. The nutch service is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nData Grid 7 has deprecated the agent-bond utility that permits this flaw; it is disabled by default and is no longer supported. While the functionality is still available for backward-compatibility usage, customers are strongly recommended to use Prometheus JMX instead. As the functionality is deprecated and no longer supported, the flaw has been scored as Moderate for Data Grid 7.\n\nData Grid 8 is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7656"
},
{
"category": "external",
"summary": "RHBZ#1595639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595639"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7656"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7656",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7656"
}
],
"release_date": "2018-06-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP request smuggling using the range header"
},
{
"cve": "CVE-2017-7657",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2018-06-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1595620"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: HTTP request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of jetty embedded in the nutch package as shipped with Red Hat Satellite 5. The nutch service is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nData Grid 7 has deprecated the agent-bond utility that permits this flaw; it is disabled by default and is no longer supported. While the functionality is still available for backward-compatibility usage, customers are strongly recommended to use Prometheus JMX instead. As the functionality is deprecated and no longer supported, the flaw has been scored as Moderate for Data Grid 7.\n\nData Grid 8 is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7657"
},
{
"category": "external",
"summary": "RHBZ#1595620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7657"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7657",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7657"
}
],
"release_date": "2018-06-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty: HTTP request smuggling"
},
{
"cve": "CVE-2017-7658",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2018-06-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1595621"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Incorrect header handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of jetty embedded in the nutch package as shipped with Red Hat Satellite 5. The nutch service is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nData Grid 7 has deprecated the agent-bond utility that permits this flaw; it is disabled by default and is no longer supported. While the functionality is still available for backward-compatibility usage, customers are strongly recommended to use Prometheus JMX instead. As the functionality is deprecated and no longer supported, the flaw has been scored as Moderate for Data Grid 7.\n\nData Grid 8 is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7658"
},
{
"category": "external",
"summary": "RHBZ#1595621",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595621"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7658",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7658"
}
],
"release_date": "2018-06-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Incorrect header handling"
},
{
"acknowledgments": [
{
"names": [
"Brian Stansberry"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-10172",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-04-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1715075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus\u0027s jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10172"
},
{
"category": "external",
"summary": "RHBZ#1715075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172"
}
],
"release_date": "2019-11-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720"
},
{
"acknowledgments": [
{
"names": [
"Mirko Selber"
],
"organization": "Compass Security"
}
],
"cve": "CVE-2020-1695",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-07-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1730462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1695"
},
{
"category": "external",
"summary": "RHBZ#1730462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class"
},
{
"cve": "CVE-2020-1710",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: field-name is not parsed in accordance to RFC7230",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1710"
},
{
"category": "external",
"summary": "RHBZ#1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "EAP: field-name is not parsed in accordance to RFC7230"
},
{
"cve": "CVE-2020-1719",
"cwe": {
"id": "CWE-270",
"name": "Privilege Context Switching Error"
},
"discovery_date": "2019-08-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1796617"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1719"
},
{
"category": "external",
"summary": "RHBZ#1796617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1719",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719"
}
],
"release_date": "2019-06-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain"
},
{
"acknowledgments": [
{
"names": [
"Steve Zapantis",
"Robert Roberson",
"taktakdb4g"
]
}
],
"cve": "CVE-2020-1745",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807305"
}
],
"notes": [
{
"category": "description",
"text": "A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: AJP File Read/Inclusion Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1938",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1745"
},
{
"category": "external",
"summary": "RHBZ#1807305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745"
},
{
"category": "external",
"summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
"url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
},
{
"category": "external",
"summary": "https://www.cnvd.org.cn/webinfo/show/5415",
"url": "https://www.cnvd.org.cn/webinfo/show/5415"
},
{
"category": "external",
"summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
"url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
}
],
"release_date": "2020-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
},
{
"category": "workaround",
"details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
"product_ids": [
"Red Hat Data Grid 7.3.7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: AJP File Read/Inclusion Vulnerability"
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"acknowledgments": [
{
"names": [
"Fedorov Oleksii",
"Keitaro Yamazaki",
"Shiga Ryota"
],
"organization": "LINE Corporation"
}
],
"cve": "CVE-2020-1757",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2019-09-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1752770"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1757"
},
{
"category": "external",
"summary": "RHBZ#1752770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1757"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757"
}
],
"release_date": "2018-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
},
{
"category": "workaround",
"details": "The issue can be mitigated by configuring UrlPathHelper to ignore the servletPath via setting \"alwaysUseFullPath\".",
"product_ids": [
"Red Hat Data Grid 7.3.7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass"
},
{
"cve": "CVE-2020-8840",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816330"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8840"
},
{
"category": "external",
"summary": "RHBZ#1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking"
},
{
"cve": "CVE-2020-9488",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2020-04-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1831139"
}
],
"notes": [
{
"category": "description",
"text": "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j: improper validation of certificate with host mismatch in SMTP appender",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9488"
},
{
"category": "external",
"summary": "RHBZ#1831139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831139"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9488"
}
],
"release_date": "2020-04-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
},
{
"category": "workaround",
"details": "Previous versions can set the system property mail.smtp.ssl.checkserveridentity to true to globally enable hostname verification for SMTPS connections.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "log4j: improper validation of certificate with host mismatch in SMTP appender"
},
{
"cve": "CVE-2020-9546",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in shaded-hikari-config",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9546"
},
{
"category": "external",
"summary": "RHBZ#1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in shaded-hikari-config"
},
{
"cve": "CVE-2020-9547",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in ibatis-sqlmap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9547"
},
{
"category": "external",
"summary": "RHBZ#1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in ibatis-sqlmap"
},
{
"cve": "CVE-2020-9548",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in anteros-core",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9548"
},
{
"category": "external",
"summary": "RHBZ#1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in anteros-core"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"Red Hat Data Grid 7.3.7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"cve": "CVE-2020-10968",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1819208"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10968"
},
{
"category": "external",
"summary": "RHBZ#1819208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10968"
}
],
"release_date": "2020-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Data Grid 7.3.7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider"
},
{
"cve": "CVE-2020-10969",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1819212"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in javax.swing.JEditorPane",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10969"
},
{
"category": "external",
"summary": "RHBZ#1819212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819212"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10969"
}
],
"release_date": "2020-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Data Grid 7.3.7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: Serialization gadgets in javax.swing.JEditorPane"
},
{
"cve": "CVE-2020-11111",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1821304"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11111"
},
{
"category": "external",
"summary": "RHBZ#1821304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821304"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11111",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11111"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-databind/issues/2664",
"url": "https://github.com/FasterXML/jackson-databind/issues/2664"
}
],
"release_date": "2020-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Data Grid 7.3.7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory"
},
{
"cve": "CVE-2020-11112",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1821311"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11112"
},
{
"category": "external",
"summary": "RHBZ#1821311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821311"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11112",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11112"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-databind/issues/2666",
"url": "https://github.com/FasterXML/jackson-databind/issues/2666"
}
],
"release_date": "2020-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Data Grid 7.3.7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider"
},
{
"cve": "CVE-2020-11113",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1821315"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11113"
},
{
"category": "external",
"summary": "RHBZ#1821315",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821315"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11113",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11113"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-databind/issues/2670",
"url": "https://github.com/FasterXML/jackson-databind/issues/2670"
}
],
"release_date": "2020-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Data Grid 7.3.7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
},
{
"cve": "CVE-2020-11619",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-04-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1826805"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in org.springframework:spring-aop",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11619"
},
{
"category": "external",
"summary": "RHBZ#1826805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11619"
}
],
"release_date": "2020-04-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Data Grid 7.3.7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in org.springframework:spring-aop"
},
{
"cve": "CVE-2020-11620",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-04-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1826798"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in commons-jelly:commons-jelly",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 7.3.7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11620"
},
{
"category": "external",
"summary": "RHBZ#1826798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826798"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11620",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11620"
}
],
"release_date": "2020-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-17T13:07:49+00:00",
"details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.",
"product_ids": [
"Red Hat Data Grid 7.3.7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3779"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"Red Hat Data Grid 7.3.7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 7.3.7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in commons-jelly:commons-jelly"
}
]
}
rhsa-2020_3463
Vulnerability from csaf_redhat
Published
2020-08-17 13:28
Modified
2024-11-05 22:38
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3463",
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "JBEAP-19095",
"url": "https://issues.redhat.com/browse/JBEAP-19095"
},
{
"category": "external",
"summary": "JBEAP-19134",
"url": "https://issues.redhat.com/browse/JBEAP-19134"
},
{
"category": "external",
"summary": "JBEAP-19185",
"url": "https://issues.redhat.com/browse/JBEAP-19185"
},
{
"category": "external",
"summary": "JBEAP-19203",
"url": "https://issues.redhat.com/browse/JBEAP-19203"
},
{
"category": "external",
"summary": "JBEAP-19269",
"url": "https://issues.redhat.com/browse/JBEAP-19269"
},
{
"category": "external",
"summary": "JBEAP-19322",
"url": "https://issues.redhat.com/browse/JBEAP-19322"
},
{
"category": "external",
"summary": "JBEAP-19325",
"url": "https://issues.redhat.com/browse/JBEAP-19325"
},
{
"category": "external",
"summary": "JBEAP-19397",
"url": "https://issues.redhat.com/browse/JBEAP-19397"
},
{
"category": "external",
"summary": "JBEAP-19410",
"url": "https://issues.redhat.com/browse/JBEAP-19410"
},
{
"category": "external",
"summary": "JBEAP-19411",
"url": "https://issues.redhat.com/browse/JBEAP-19411"
},
{
"category": "external",
"summary": "JBEAP-19529",
"url": "https://issues.redhat.com/browse/JBEAP-19529"
},
{
"category": "external",
"summary": "JBEAP-19564",
"url": "https://issues.redhat.com/browse/JBEAP-19564"
},
{
"category": "external",
"summary": "JBEAP-19585",
"url": "https://issues.redhat.com/browse/JBEAP-19585"
},
{
"category": "external",
"summary": "JBEAP-19617",
"url": "https://issues.redhat.com/browse/JBEAP-19617"
},
{
"category": "external",
"summary": "JBEAP-19619",
"url": "https://issues.redhat.com/browse/JBEAP-19619"
},
{
"category": "external",
"summary": "JBEAP-19673",
"url": "https://issues.redhat.com/browse/JBEAP-19673"
},
{
"category": "external",
"summary": "JBEAP-19674",
"url": "https://issues.redhat.com/browse/JBEAP-19674"
},
{
"category": "external",
"summary": "JBEAP-19874",
"url": "https://issues.redhat.com/browse/JBEAP-19874"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3463.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
"tracking": {
"current_release_date": "2024-11-05T22:38:18+00:00",
"generator": {
"date": "2024-11-05T22:38:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:3463",
"initial_release_date": "2020-08-17T13:28:45+00:00",
"revision_history": [
{
"date": "2020-08-17T13:28:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-08-17T13:28:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:38:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.3 for BaseOS-8",
"product": {
"name": "Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.2-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.7-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.48-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.1-7.Final_redhat_00009.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.2-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.2-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"cve": "CVE-2020-1710",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: field-name is not parsed in accordance to RFC7230",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1710"
},
{
"category": "external",
"summary": "RHBZ#1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "EAP: field-name is not parsed in accordance to RFC7230"
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Aaron Ogburn"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10687",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1785049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10687"
},
{
"category": "external",
"summary": "RHBZ#1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"James R. Perkins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10718",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2020-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828476"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10718"
},
{
"category": "external",
"summary": "RHBZ#1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
},
{
"cve": "CVE-2020-14297",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14297"
},
{
"category": "external",
"summary": "RHBZ#1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
},
{
"cve": "CVE-2020-14307",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2020-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851327"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14307"
},
{
"category": "external",
"summary": "RHBZ#1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:45+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3463"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service"
}
]
}
rhsa-2020_3462
Vulnerability from csaf_redhat
Published
2020-08-17 13:28
Modified
2024-11-05 22:38
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3462",
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "JBEAP-19095",
"url": "https://issues.redhat.com/browse/JBEAP-19095"
},
{
"category": "external",
"summary": "JBEAP-19134",
"url": "https://issues.redhat.com/browse/JBEAP-19134"
},
{
"category": "external",
"summary": "JBEAP-19185",
"url": "https://issues.redhat.com/browse/JBEAP-19185"
},
{
"category": "external",
"summary": "JBEAP-19203",
"url": "https://issues.redhat.com/browse/JBEAP-19203"
},
{
"category": "external",
"summary": "JBEAP-19269",
"url": "https://issues.redhat.com/browse/JBEAP-19269"
},
{
"category": "external",
"summary": "JBEAP-19322",
"url": "https://issues.redhat.com/browse/JBEAP-19322"
},
{
"category": "external",
"summary": "JBEAP-19325",
"url": "https://issues.redhat.com/browse/JBEAP-19325"
},
{
"category": "external",
"summary": "JBEAP-19397",
"url": "https://issues.redhat.com/browse/JBEAP-19397"
},
{
"category": "external",
"summary": "JBEAP-19410",
"url": "https://issues.redhat.com/browse/JBEAP-19410"
},
{
"category": "external",
"summary": "JBEAP-19529",
"url": "https://issues.redhat.com/browse/JBEAP-19529"
},
{
"category": "external",
"summary": "JBEAP-19564",
"url": "https://issues.redhat.com/browse/JBEAP-19564"
},
{
"category": "external",
"summary": "JBEAP-19585",
"url": "https://issues.redhat.com/browse/JBEAP-19585"
},
{
"category": "external",
"summary": "JBEAP-19617",
"url": "https://issues.redhat.com/browse/JBEAP-19617"
},
{
"category": "external",
"summary": "JBEAP-19619",
"url": "https://issues.redhat.com/browse/JBEAP-19619"
},
{
"category": "external",
"summary": "JBEAP-19673",
"url": "https://issues.redhat.com/browse/JBEAP-19673"
},
{
"category": "external",
"summary": "JBEAP-19674",
"url": "https://issues.redhat.com/browse/JBEAP-19674"
},
{
"category": "external",
"summary": "JBEAP-19874",
"url": "https://issues.redhat.com/browse/JBEAP-19874"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3462.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
"tracking": {
"current_release_date": "2024-11-05T22:38:09+00:00",
"generator": {
"date": "2024-11-05T22:38:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:3462",
"initial_release_date": "2020-08-17T13:28:06+00:00",
"revision_history": [
{
"date": "2020-08-17T13:28:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-08-17T13:28:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:38:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.2-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.2-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.48-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.7-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.19-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.1-7.Final_redhat_00009.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.2-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"cve": "CVE-2020-1710",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: field-name is not parsed in accordance to RFC7230",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1710"
},
{
"category": "external",
"summary": "RHBZ#1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "EAP: field-name is not parsed in accordance to RFC7230"
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Aaron Ogburn"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10687",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1785049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10687"
},
{
"category": "external",
"summary": "RHBZ#1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"James R. Perkins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10718",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2020-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828476"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10718"
},
{
"category": "external",
"summary": "RHBZ#1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
},
{
"cve": "CVE-2020-14297",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14297"
},
{
"category": "external",
"summary": "RHBZ#1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
},
{
"cve": "CVE-2020-14307",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2020-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851327"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14307"
},
{
"category": "external",
"summary": "RHBZ#1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:06+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service"
}
]
}
rhsa-2020_3585
Vulnerability from csaf_redhat
Published
2020-08-31 15:40
Modified
2024-11-05 22:40
Summary
Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 20 security update
Notes
Topic
This is a security update for JBoss EAP Continuous Delivery 20.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform CD20 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform CD20 includes bug fixes and enhancements.
Security Fix(es):
* jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)
* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100-continue" header (CVE-2020-10705)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
* wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)
* cxf-core: cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "This is a security update for JBoss EAP Continuous Delivery 20.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform CD20 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform CD20 includes bug fixes and enhancements. \n\nSecurity Fix(es):\n\n* jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* undertow: Memory exhaustion issue in HttpReadListener via \"Expect: 100-continue\" header (CVE-2020-10705)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n* wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)\n\n* cxf-core: cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3585",
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=eap-cd\u0026version=20",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=eap-cd\u0026version=20"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/",
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/"
},
{
"category": "external",
"summary": "1607709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607709"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1715075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075"
},
{
"category": "external",
"summary": "1796617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617"
},
{
"category": "external",
"summary": "1803241",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803241"
},
{
"category": "external",
"summary": "1805006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3585.json"
}
],
"title": "Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 20 security update",
"tracking": {
"current_release_date": "2024-11-05T22:40:17+00:00",
"generator": {
"date": "2024-11-05T22:40:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:3585",
"initial_release_date": "2020-08-31T15:40:22+00:00",
"revision_history": [
{
"date": "2020-08-31T15:40:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-08-31T15:40:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:40:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "EAP-CD 20 Tech Preview",
"product": {
"name": "EAP-CD 20 Tech Preview",
"product_id": "EAP-CD 20 Tech Preview",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_cd:20"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-14371",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2018-07-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1607709"
}
],
"notes": [
{
"category": "description",
"text": "The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14371"
},
{
"category": "external",
"summary": "RHBZ#1607709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607709"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14371",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14371"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14371",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14371"
}
],
"release_date": "2018-07-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"EAP-CD 20 Tech Preview"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter"
},
{
"acknowledgments": [
{
"names": [
"Brian Stansberry"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-10172",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-04-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1715075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus\u0027s jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10172"
},
{
"category": "external",
"summary": "RHBZ#1715075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172"
}
],
"release_date": "2019-11-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720"
},
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"EAP-CD 20 Tech Preview"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"cve": "CVE-2020-1719",
"cwe": {
"id": "CWE-270",
"name": "Privilege Context Switching Error"
},
"discovery_date": "2019-08-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1796617"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1719"
},
{
"category": "external",
"summary": "RHBZ#1796617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1719",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719"
}
],
"release_date": "2019-06-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain"
},
{
"cve": "CVE-2020-1954",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1824301"
}
],
"notes": [
{
"category": "description",
"text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: JMX integration is vulnerable to a MITM attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1954"
},
{
"category": "external",
"summary": "RHBZ#1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cxf: JMX integration is vulnerable to a MITM attack"
},
{
"acknowledgments": [
{
"names": [
"An Trinh"
]
}
],
"cve": "CVE-2020-6950",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2019-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-6950"
},
{
"category": "external",
"summary": "RHBZ#1805006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950"
},
{
"category": "external",
"summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
"url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741",
"url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571",
"url": "https://github.com/eclipse-ee4j/mojarra/issues/4571"
},
{
"category": "external",
"summary": "https://github.com/javaserverfaces/mojarra/issues/4364",
"url": "https://github.com/javaserverfaces/mojarra/issues/4364"
}
],
"release_date": "2020-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"EAP-CD 20 Tech Preview"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"cve": "CVE-2020-10705",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1803241"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Undertow where certain requests to the \"Expect: 100-continue\" header may cause an out of memory error. This flaw may potentially lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Memory exhaustion issue in HttpReadListener via \"Expect: 100-continue\" header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10705"
},
{
"category": "external",
"summary": "RHBZ#1803241",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803241"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10705"
}
],
"release_date": "2020-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this security flaw.",
"product_ids": [
"EAP-CD 20 Tech Preview"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Memory exhaustion issue in HttpReadListener via \"Expect: 100-continue\" header"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"EAP-CD 20 Tech Preview"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"ZeddYu"
]
}
],
"cve": "CVE-2020-10719",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828459"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: invalid HTTP request with large chunk size",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10719"
},
{
"category": "external",
"summary": "RHBZ#1828459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10719",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719"
}
],
"release_date": "2020-05-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: invalid HTTP request with large chunk size"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"EAP-CD 20 Tech Preview"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
}
]
}
rhsa-2020_3539
Vulnerability from csaf_redhat
Published
2020-09-02 09:47
Modified
2024-11-05 22:39
Summary
Red Hat Security Advisory: Red Hat build of Thorntail 2.7.1 security and bug fix update
Notes
Topic
An update is now available for Red Hat build of Thorntail.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.
Details
This release of Red Hat build of Thorntail 2.7.1 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section.
Security Fix(es):
* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* keycloak: security headers missing on REST endpoints (CVE-2020-1728)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body (CVE-2020-10758)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat build of Thorntail.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat build of Thorntail 2.7.1 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* keycloak: security headers missing on REST endpoints (CVE-2020-1728)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body (CVE-2020-10758)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3539",
"url": "https://access.redhat.com/errata/RHSA-2020:3539"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.thorntail\u0026version=2.7.1",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.thorntail\u0026version=2.7.1"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.7/html/release_notes_for_thorntail_2.7/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.7/html/release_notes_for_thorntail_2.7/"
},
{
"category": "external",
"summary": "1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "1800585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "1843849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849"
},
{
"category": "external",
"summary": "1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3539.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Thorntail 2.7.1 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-05T22:39:42+00:00",
"generator": {
"date": "2024-11-05T22:39:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:3539",
"initial_release_date": "2020-09-02T09:47:16+00:00",
"revision_history": [
{
"date": "2020-09-02T09:47:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-09-02T09:47:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:39:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Text-Only RHOAR",
"product": {
"name": "Text-Only RHOAR",
"product_id": "Text-Only RHOAR",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Application Runtimes"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1710",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: field-name is not parsed in accordance to RFC7230",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1710"
},
{
"category": "external",
"summary": "RHBZ#1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-02T09:47:16+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3539"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"Text-Only RHOAR"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "EAP: field-name is not parsed in accordance to RFC7230"
},
{
"cve": "CVE-2020-1728",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1800585"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak\u2019s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible exploits are servers being prone to clickjacking, channel downgrade attacks, and other similar client-based attack vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: security headers missing on REST endpoints",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1728"
},
{
"category": "external",
"summary": "RHBZ#1800585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728"
}
],
"release_date": "2019-11-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-02T09:47:16+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: security headers missing on REST endpoints"
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-02T09:47:16+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-02T09:47:16+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3539"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"Text-Only RHOAR"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-02T09:47:16+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3539"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"Text-Only RHOAR"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"James R. Perkins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10718",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2020-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828476"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10718"
},
{
"category": "external",
"summary": "RHBZ#1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-02T09:47:16+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-02T09:47:16+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3539"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"Text-Only RHOAR"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"acknowledgments": [
{
"names": [
"Matt Hamilton"
],
"organization": "Soluble.ai"
}
],
"cve": "CVE-2020-10758",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1843849"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. This flaw allows an attacker to perform a denial of service attack by sending multiple simultaneous requests with a Content-Length header value greater than the actual byte count of the request body. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10758"
},
{
"category": "external",
"summary": "RHBZ#1843849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10758",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10758"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758"
}
],
"release_date": "2020-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-02T09:47:16+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3539"
},
{
"category": "workaround",
"details": "- The possibility of this issue largely depends on the environment, specifically the load balancer or reverse proxies between the client and the server. The issue occurs when there is no load balancer in place.\n\n- Proper tuning of HTTP request timeout and keycloak database max pool size can mitigate this issue :\nbin/jboss-cli.sh --connect --commands=\u0027/subsystem=transactions:write-attribute(name=default-timeout,value=30),/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=read-timeout,value=30000),/subsystem=undertow/server=default-server/https-listener=https/:write-attribute(name=read-timeout,value=30000),/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=max-pool-size,value=100),reload\u0027",
"product_ids": [
"Text-Only RHOAR"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body"
},
{
"cve": "CVE-2020-14297",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14297"
},
{
"category": "external",
"summary": "RHBZ#1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-02T09:47:16+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
},
{
"cve": "CVE-2020-14307",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2020-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851327"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only RHOAR"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14307"
},
{
"category": "external",
"summary": "RHBZ#1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-02T09:47:16+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Text-Only RHOAR"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3539"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only RHOAR"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service"
}
]
}
rhsa-2020_3464
Vulnerability from csaf_redhat
Published
2020-08-17 13:25
Modified
2024-11-05 22:38
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3464",
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "JBEAP-19095",
"url": "https://issues.redhat.com/browse/JBEAP-19095"
},
{
"category": "external",
"summary": "JBEAP-19134",
"url": "https://issues.redhat.com/browse/JBEAP-19134"
},
{
"category": "external",
"summary": "JBEAP-19185",
"url": "https://issues.redhat.com/browse/JBEAP-19185"
},
{
"category": "external",
"summary": "JBEAP-19203",
"url": "https://issues.redhat.com/browse/JBEAP-19203"
},
{
"category": "external",
"summary": "JBEAP-19269",
"url": "https://issues.redhat.com/browse/JBEAP-19269"
},
{
"category": "external",
"summary": "JBEAP-19322",
"url": "https://issues.redhat.com/browse/JBEAP-19322"
},
{
"category": "external",
"summary": "JBEAP-19325",
"url": "https://issues.redhat.com/browse/JBEAP-19325"
},
{
"category": "external",
"summary": "JBEAP-19397",
"url": "https://issues.redhat.com/browse/JBEAP-19397"
},
{
"category": "external",
"summary": "JBEAP-19529",
"url": "https://issues.redhat.com/browse/JBEAP-19529"
},
{
"category": "external",
"summary": "JBEAP-19564",
"url": "https://issues.redhat.com/browse/JBEAP-19564"
},
{
"category": "external",
"summary": "JBEAP-19585",
"url": "https://issues.redhat.com/browse/JBEAP-19585"
},
{
"category": "external",
"summary": "JBEAP-19617",
"url": "https://issues.redhat.com/browse/JBEAP-19617"
},
{
"category": "external",
"summary": "JBEAP-19619",
"url": "https://issues.redhat.com/browse/JBEAP-19619"
},
{
"category": "external",
"summary": "JBEAP-19673",
"url": "https://issues.redhat.com/browse/JBEAP-19673"
},
{
"category": "external",
"summary": "JBEAP-19674",
"url": "https://issues.redhat.com/browse/JBEAP-19674"
},
{
"category": "external",
"summary": "JBEAP-19874",
"url": "https://issues.redhat.com/browse/JBEAP-19874"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3464.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
"tracking": {
"current_release_date": "2024-11-05T22:38:41+00:00",
"generator": {
"date": "2024-11-05T22:38:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:3464",
"initial_release_date": "2020-08-17T13:25:19+00:00",
"revision_history": [
{
"date": "2020-08-17T13:25:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-08-17T13:25:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:38:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product_id": "Red Hat JBoss Enterprise Application Platform 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"cve": "CVE-2020-1710",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: field-name is not parsed in accordance to RFC7230",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1710"
},
{
"category": "external",
"summary": "RHBZ#1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "EAP: field-name is not parsed in accordance to RFC7230"
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Aaron Ogburn"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10687",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1785049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10687"
},
{
"category": "external",
"summary": "RHBZ#1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"James R. Perkins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10718",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2020-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828476"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10718"
},
{
"category": "external",
"summary": "RHBZ#1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
},
{
"cve": "CVE-2020-14297",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14297"
},
{
"category": "external",
"summary": "RHBZ#1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
},
{
"cve": "CVE-2020-14307",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2020-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851327"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14307"
},
{
"category": "external",
"summary": "RHBZ#1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:25:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service"
}
]
}
rhsa-2020_3642
Vulnerability from csaf_redhat
Published
2020-09-07 13:05
Modified
2024-11-05 22:40
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
• wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n\u2022 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3642",
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1730462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462"
},
{
"category": "external",
"summary": "1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "1805006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "JBEAP-18366",
"url": "https://issues.redhat.com/browse/JBEAP-18366"
},
{
"category": "external",
"summary": "JBEAP-18667",
"url": "https://issues.redhat.com/browse/JBEAP-18667"
},
{
"category": "external",
"summary": "JBEAP-18849",
"url": "https://issues.redhat.com/browse/JBEAP-18849"
},
{
"category": "external",
"summary": "JBEAP-18880",
"url": "https://issues.redhat.com/browse/JBEAP-18880"
},
{
"category": "external",
"summary": "JBEAP-18906",
"url": "https://issues.redhat.com/browse/JBEAP-18906"
},
{
"category": "external",
"summary": "JBEAP-18919",
"url": "https://issues.redhat.com/browse/JBEAP-18919"
},
{
"category": "external",
"summary": "JBEAP-18965",
"url": "https://issues.redhat.com/browse/JBEAP-18965"
},
{
"category": "external",
"summary": "JBEAP-19058",
"url": "https://issues.redhat.com/browse/JBEAP-19058"
},
{
"category": "external",
"summary": "JBEAP-19120",
"url": "https://issues.redhat.com/browse/JBEAP-19120"
},
{
"category": "external",
"summary": "JBEAP-19255",
"url": "https://issues.redhat.com/browse/JBEAP-19255"
},
{
"category": "external",
"summary": "JBEAP-19271",
"url": "https://issues.redhat.com/browse/JBEAP-19271"
},
{
"category": "external",
"summary": "JBEAP-19315",
"url": "https://issues.redhat.com/browse/JBEAP-19315"
},
{
"category": "external",
"summary": "JBEAP-19463",
"url": "https://issues.redhat.com/browse/JBEAP-19463"
},
{
"category": "external",
"summary": "JBEAP-19565",
"url": "https://issues.redhat.com/browse/JBEAP-19565"
},
{
"category": "external",
"summary": "JBEAP-19587",
"url": "https://issues.redhat.com/browse/JBEAP-19587"
},
{
"category": "external",
"summary": "JBEAP-19620",
"url": "https://issues.redhat.com/browse/JBEAP-19620"
},
{
"category": "external",
"summary": "JBEAP-19624",
"url": "https://issues.redhat.com/browse/JBEAP-19624"
},
{
"category": "external",
"summary": "JBEAP-19703",
"url": "https://issues.redhat.com/browse/JBEAP-19703"
},
{
"category": "external",
"summary": "JBEAP-19704",
"url": "https://issues.redhat.com/browse/JBEAP-19704"
},
{
"category": "external",
"summary": "JBEAP-19798",
"url": "https://issues.redhat.com/browse/JBEAP-19798"
},
{
"category": "external",
"summary": "JBEAP-19837",
"url": "https://issues.redhat.com/browse/JBEAP-19837"
},
{
"category": "external",
"summary": "JBEAP-19875",
"url": "https://issues.redhat.com/browse/JBEAP-19875"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3642.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.9 security update",
"tracking": {
"current_release_date": "2024-11-05T22:40:39+00:00",
"generator": {
"date": "2024-11-05T22:40:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:3642",
"initial_release_date": "2020-09-07T13:05:33+00:00",
"revision_history": [
{
"date": "2020-09-07T13:05:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-09-07T13:05:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:40:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product_id": "Red Hat JBoss Enterprise Application Platform 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"acknowledgments": [
{
"names": [
"Mirko Selber"
],
"organization": "Compass Security"
}
],
"cve": "CVE-2020-1695",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2019-07-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1730462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1695"
},
{
"category": "external",
"summary": "RHBZ#1730462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class"
},
{
"cve": "CVE-2020-1710",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: field-name is not parsed in accordance to RFC7230",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1710"
},
{
"category": "external",
"summary": "RHBZ#1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "EAP: field-name is not parsed in accordance to RFC7230"
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"acknowledgments": [
{
"names": [
"An Trinh"
]
}
],
"cve": "CVE-2020-6950",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2019-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-6950"
},
{
"category": "external",
"summary": "RHBZ#1805006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950"
},
{
"category": "external",
"summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
"url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741",
"url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571",
"url": "https://github.com/eclipse-ee4j/mojarra/issues/4571"
},
{
"category": "external",
"summary": "https://github.com/javaserverfaces/mojarra/issues/4364",
"url": "https://github.com/javaserverfaces/mojarra/issues/4364"
}
],
"release_date": "2020-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371"
},
{
"cve": "CVE-2020-8840",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816330"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8840"
},
{
"category": "external",
"summary": "RHBZ#1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking"
},
{
"cve": "CVE-2020-9546",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in shaded-hikari-config",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9546"
},
{
"category": "external",
"summary": "RHBZ#1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in shaded-hikari-config"
},
{
"cve": "CVE-2020-9547",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in ibatis-sqlmap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9547"
},
{
"category": "external",
"summary": "RHBZ#1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in ibatis-sqlmap"
},
{
"cve": "CVE-2020-9548",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in anteros-core",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9548"
},
{
"category": "external",
"summary": "RHBZ#1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Serialization gadgets in anteros-core"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Aaron Ogburn"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10687",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1785049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10687"
},
{
"category": "external",
"summary": "RHBZ#1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"James R. Perkins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10718",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2020-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828476"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10718"
},
{
"category": "external",
"summary": "RHBZ#1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"cve": "CVE-2020-14297",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14297"
},
{
"category": "external",
"summary": "RHBZ#1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
},
{
"cve": "CVE-2020-14307",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2020-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851327"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14307"
},
{
"category": "external",
"summary": "RHBZ#1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-09-07T13:05:33+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3642"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service"
}
]
}
rhsa-2020_3501
Vulnerability from csaf_redhat
Published
2020-08-18 16:34
Modified
2024-11-05 22:39
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.4.2 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.4.2 serves as a replacement for Red Hat Single Sign-On 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body (CVE-2020-10758)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
* keycloak: security headers missing on REST endpoints (CVE-2020-1728)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.4.2 serves as a replacement for Red Hat Single Sign-On 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body (CVE-2020-10758)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n* keycloak: security headers missing on REST endpoints (CVE-2020-1728)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3501",
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "1800585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "1843849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849"
},
{
"category": "external",
"summary": "1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3501.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.4.2 security update",
"tracking": {
"current_release_date": "2024-11-05T22:39:57+00:00",
"generator": {
"date": "2024-11-05T22:39:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:3501",
"initial_release_date": "2020-08-18T16:34:33+00:00",
"revision_history": [
{
"date": "2020-08-18T16:34:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-08-18T16:34:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:39:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.4.2",
"product": {
"name": "Red Hat Single Sign-On 7.4.2",
"product_id": "Red Hat Single Sign-On 7.4.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_single_sign_on:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1710",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: field-name is not parsed in accordance to RFC7230",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1710"
},
{
"category": "external",
"summary": "RHBZ#1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "EAP: field-name is not parsed in accordance to RFC7230"
},
{
"cve": "CVE-2020-1728",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1800585"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak\u2019s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible exploits are servers being prone to clickjacking, channel downgrade attacks, and other similar client-based attack vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: security headers missing on REST endpoints",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1728"
},
{
"category": "external",
"summary": "RHBZ#1800585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800585"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1728"
}
],
"release_date": "2019-11-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: security headers missing on REST endpoints"
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Aaron Ogburn"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10687",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1785049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10687"
},
{
"category": "external",
"summary": "RHBZ#1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"James R. Perkins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10718",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2020-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828476"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10718"
},
{
"category": "external",
"summary": "RHBZ#1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"acknowledgments": [
{
"names": [
"Matt Hamilton"
],
"organization": "Soluble.ai"
}
],
"cve": "CVE-2020-10758",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1843849"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. This flaw allows an attacker to perform a denial of service attack by sending multiple simultaneous requests with a Content-Length header value greater than the actual byte count of the request body. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10758"
},
{
"category": "external",
"summary": "RHBZ#1843849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10758",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10758"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10758"
}
],
"release_date": "2020-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
},
{
"category": "workaround",
"details": "- The possibility of this issue largely depends on the environment, specifically the load balancer or reverse proxies between the client and the server. The issue occurs when there is no load balancer in place.\n\n- Proper tuning of HTTP request timeout and keycloak database max pool size can mitigate this issue :\nbin/jboss-cli.sh --connect --commands=\u0027/subsystem=transactions:write-attribute(name=default-timeout,value=30),/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=read-timeout,value=30000),/subsystem=undertow/server=default-server/https-listener=https/:write-attribute(name=read-timeout,value=30000),/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=max-pool-size,value=100),reload\u0027",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: DoS by sending multiple simultaneous requests with a Content-Length header value greater than actual byte count of request body"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
},
{
"cve": "CVE-2020-14297",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14297"
},
{
"category": "external",
"summary": "RHBZ#1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
},
{
"cve": "CVE-2020-14307",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2020-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851327"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14307"
},
{
"category": "external",
"summary": "RHBZ#1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-18T16:34:33+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3501"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service"
}
]
}
rhsa-2020_3461
Vulnerability from csaf_redhat
Published
2020-08-17 13:28
Modified
2024-11-05 22:38
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3461",
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "JBEAP-19095",
"url": "https://issues.redhat.com/browse/JBEAP-19095"
},
{
"category": "external",
"summary": "JBEAP-19134",
"url": "https://issues.redhat.com/browse/JBEAP-19134"
},
{
"category": "external",
"summary": "JBEAP-19185",
"url": "https://issues.redhat.com/browse/JBEAP-19185"
},
{
"category": "external",
"summary": "JBEAP-19203",
"url": "https://issues.redhat.com/browse/JBEAP-19203"
},
{
"category": "external",
"summary": "JBEAP-19269",
"url": "https://issues.redhat.com/browse/JBEAP-19269"
},
{
"category": "external",
"summary": "JBEAP-19322",
"url": "https://issues.redhat.com/browse/JBEAP-19322"
},
{
"category": "external",
"summary": "JBEAP-19325",
"url": "https://issues.redhat.com/browse/JBEAP-19325"
},
{
"category": "external",
"summary": "JBEAP-19397",
"url": "https://issues.redhat.com/browse/JBEAP-19397"
},
{
"category": "external",
"summary": "JBEAP-19409",
"url": "https://issues.redhat.com/browse/JBEAP-19409"
},
{
"category": "external",
"summary": "JBEAP-19529",
"url": "https://issues.redhat.com/browse/JBEAP-19529"
},
{
"category": "external",
"summary": "JBEAP-19564",
"url": "https://issues.redhat.com/browse/JBEAP-19564"
},
{
"category": "external",
"summary": "JBEAP-19585",
"url": "https://issues.redhat.com/browse/JBEAP-19585"
},
{
"category": "external",
"summary": "JBEAP-19617",
"url": "https://issues.redhat.com/browse/JBEAP-19617"
},
{
"category": "external",
"summary": "JBEAP-19619",
"url": "https://issues.redhat.com/browse/JBEAP-19619"
},
{
"category": "external",
"summary": "JBEAP-19673",
"url": "https://issues.redhat.com/browse/JBEAP-19673"
},
{
"category": "external",
"summary": "JBEAP-19674",
"url": "https://issues.redhat.com/browse/JBEAP-19674"
},
{
"category": "external",
"summary": "JBEAP-19874",
"url": "https://issues.redhat.com/browse/JBEAP-19874"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3461.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
"tracking": {
"current_release_date": "2024-11-05T22:38:01+00:00",
"generator": {
"date": "2024-11-05T22:38:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2020:3461",
"initial_release_date": "2020-08-17T13:28:01+00:00",
"revision_history": [
{
"date": "2020-08-17T13:28:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-08-17T13:28:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T22:38:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.2-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"product": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el6eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.2-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.8-1.SP1_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP11_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP04_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.48-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.48-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.7-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.7-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.9-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.19-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.2-1.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.15-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.17-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.20-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.6-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.30-4.SP4_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.1-7.Final_redhat_00009.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.22-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.2-4.GA_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.2-4.GA_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.2-4.GA_redhat_00002.1.el6eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src"
},
"product_reference": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"cve": "CVE-2020-1710",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: field-name is not parsed in accordance to RFC7230",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1710"
},
{
"category": "external",
"summary": "RHBZ#1793970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "EAP: field-name is not parsed in accordance to RFC7230"
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Aaron Ogburn"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10687",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2019-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1785049"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10687"
},
{
"category": "external",
"summary": "RHBZ#1785049",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10687",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10687"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"James R. Perkins"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10718",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2020-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828476"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10718"
},
{
"category": "external",
"summary": "RHBZ#1828476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828476"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10718",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10718"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch"
],
"known_not_affected": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
},
{
"cve": "CVE-2020-14297",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14297"
},
{
"category": "external",
"summary": "RHBZ#1853595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14297"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Some EJB transaction objects may get accumulated causing Denial of Service"
},
{
"cve": "CVE-2020-14307",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2020-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851327"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14307"
},
{
"category": "external",
"summary": "RHBZ#1851327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14307",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14307"
}
],
"release_date": "2020-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-17T13:28:01+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-validator-cdi-0:6.0.20-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.19-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jdk8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-datatype-jsr310-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-json-provider-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-module-jaxb-annotations-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.1-7.Final_redhat_00009.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.48-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.2-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.22-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.2-4.GA_redhat_00002.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service"
}
]
}
ghsa-7fhr-2694-rg79
Vulnerability from github
Published
2022-02-15 01:39
Modified
2022-11-08 20:21
Severity ?
Summary
Session Fixation in WildFly Elytron
Details
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.11.3"
},
"package": {
"ecosystem": "Maven",
"name": "org.wildfly.security:wildfly-elytron"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.11.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-10714"
],
"database_specific": {
"cwe_ids": [
"CWE-384"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-24T01:26:35Z",
"nvd_published_at": "2020-09-23T13:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"id": "GHSA-7fhr-2694-rg79",
"modified": "2022-11-08T20:21:38Z",
"published": "2022-02-15T01:39:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"type": "PACKAGE",
"url": "https://github.com/wildfly-security/wildfly-elytron"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20201223-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Session Fixation in WildFly Elytron"
}
gsd-2020-10714
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-10714",
"description": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"id": "GSD-2020-10714",
"references": [
"https://access.redhat.com/errata/RHSA-2021:3140",
"https://access.redhat.com/errata/RHSA-2020:4961",
"https://access.redhat.com/errata/RHSA-2020:4960",
"https://access.redhat.com/errata/RHSA-2020:3779",
"https://access.redhat.com/errata/RHSA-2020:3642",
"https://access.redhat.com/errata/RHSA-2020:3639",
"https://access.redhat.com/errata/RHSA-2020:3638",
"https://access.redhat.com/errata/RHSA-2020:3637",
"https://access.redhat.com/errata/RHSA-2020:3585",
"https://access.redhat.com/errata/RHSA-2020:3539",
"https://access.redhat.com/errata/RHSA-2020:3501",
"https://access.redhat.com/errata/RHSA-2020:3464",
"https://access.redhat.com/errata/RHSA-2020:3463",
"https://access.redhat.com/errata/RHSA-2020:3462",
"https://access.redhat.com/errata/RHSA-2020:3461"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-10714"
],
"details": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"id": "GSD-2020-10714",
"modified": "2023-12-13T01:22:04.561062Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wildfly-elytron",
"version": {
"version_data": [
{
"version_value": "wildfly-elytron 1.10.7.Final"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201223-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201223-0002/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,1.11.3]",
"affected_versions": "All versions up to 1.11.3",
"cvss_v2": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-384",
"CWE-937"
],
"date": "2022-06-24",
"description": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"fixed_versions": [
"1.11.4"
],
"identifier": "CVE-2020-10714",
"identifiers": [
"GHSA-7fhr-2694-rg79",
"CVE-2020-10714"
],
"not_impacted": "All versions after 1.11.3",
"package_slug": "maven/org.wildfly.security/wildfly-elytron",
"pubdate": "2022-02-15",
"solution": "Upgrade to version 1.11.4 or above.",
"title": "Session Fixation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"https://bugzilla.redhat.com/show_bug.cgi?id=1825714",
"https://security.netapp.com/advisory/ntap-20201223-0002/",
"https://github.com/advisories/GHSA-7fhr-2694-rg79"
],
"uuid": "db43a5b8-a6a7-47c9-838d-ed3aa5942a4b"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.11.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10714"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201223-0002/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201223-0002/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-11-08T13:58Z",
"publishedDate": "2020-09-23T13:15Z"
}
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.