Action not permitted
Modal body text goes here.
cve-2020-1954
Vulnerability from cvelistv5
Published
2020-04-01 20:07
Modified
2024-08-04 06:54
Severity ?
EPSS score ?
Summary
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Apache | Apache CXF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2"
},
{
"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache CXF",
"vendor": "Apache",
"versions": [
{
"status": "affected",
"version": "affects all versions prior to 3.3.6 and 3.2.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-10T09:06:50",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2"
},
{
"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-1954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache CXF",
"version": {
"version_data": [
{
"version_value": "affects all versions prior to 3.3.6 and 3.2.13"
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2",
"refsource": "MISC",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2"
},
{
"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220210-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220210-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-1954",
"datePublished": "2020-04-01T20:07:29",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:54:00.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-1954\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2020-04-01T21:15:14.597\",\"lastModified\":\"2023-11-07T03:19:38.010\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.\"},{\"lang\":\"es\",\"value\":\"Apache CXF posee la capacidad de integrarse con JMX mediante el registro de una extensi\u00f3n InstrumentationManager con el bus CXF. Si la propiedad \\\"createMBServerConnectorFactory\\\" del InstrumentationManagerImpl predeterminado no est\u00e1 deshabilitada, entonces es vulnerable a un ataque de estilo man-in-the-middle (MITM). Un atacante en el mismo host puede conectar con el registro y volver a vincular la entrada a otro servidor, y as\u00ed actuar como un proxy del original. Pueden luego obtener acceso a toda la informaci\u00f3n que es enviada y recibida a trav\u00e9s de JMX.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:N/C:P/I:N/A:N\",\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":2.9},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":5.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2.13\",\"matchCriteriaId\":\"DFD0BC46-24B2-493D-8FF3-BF4D49A5F215\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.3.0\",\"versionEndExcluding\":\"3.3.6\",\"matchCriteriaId\":\"18E7E391-B755-4F71-934A-B16CA8351D78\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"526E2FE5-263F-416F-8628-6CD40B865780\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"B51F78F4-8D7E-48C2-86D1-D53A6EB348A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"3E5416A1-EE58-415D-9645-B6A875EBAED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66916DEB-ACE1-44E0-9535-10B3E03347AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*\",\"matchCriteriaId\":\"64DE38C8-94F1-4860-B045-F33928F676A8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\\\::*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"FAFED7F5-03FA-43B5-AD13-1130F0324448\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"B51F78F4-8D7E-48C2-86D1-D53A6EB348A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"3E5416A1-EE58-415D-9645-B6A875EBAED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"11B0C37E-D7C7-45F2-A8D8-5A3B1B191430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66916DEB-ACE1-44E0-9535-10B3E03347AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"}]}]}],\"references\":[{\"url\":\"http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220210-0001/\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
rhsa-2020_4247
Vulnerability from csaf_redhat
Published
2020-10-13 17:01
Modified
2024-11-15 06:16
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.3 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299)
* wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)
* xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340)
* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299)\n\n* wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)\n\n* xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4247",
"url": "https://access.redhat.com/errata/RHSA-2020:4247"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.3",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "1848533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533"
},
{
"category": "external",
"summary": "1860054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054"
},
{
"category": "external",
"summary": "1860218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"category": "external",
"summary": "JBEAP-19379",
"url": "https://issues.redhat.com/browse/JBEAP-19379"
},
{
"category": "external",
"summary": "JBEAP-19596",
"url": "https://issues.redhat.com/browse/JBEAP-19596"
},
{
"category": "external",
"summary": "JBEAP-19613",
"url": "https://issues.redhat.com/browse/JBEAP-19613"
},
{
"category": "external",
"summary": "JBEAP-19615",
"url": "https://issues.redhat.com/browse/JBEAP-19615"
},
{
"category": "external",
"summary": "JBEAP-19642",
"url": "https://issues.redhat.com/browse/JBEAP-19642"
},
{
"category": "external",
"summary": "JBEAP-19695",
"url": "https://issues.redhat.com/browse/JBEAP-19695"
},
{
"category": "external",
"summary": "JBEAP-19698",
"url": "https://issues.redhat.com/browse/JBEAP-19698"
},
{
"category": "external",
"summary": "JBEAP-19700",
"url": "https://issues.redhat.com/browse/JBEAP-19700"
},
{
"category": "external",
"summary": "JBEAP-19701",
"url": "https://issues.redhat.com/browse/JBEAP-19701"
},
{
"category": "external",
"summary": "JBEAP-19715",
"url": "https://issues.redhat.com/browse/JBEAP-19715"
},
{
"category": "external",
"summary": "JBEAP-19746",
"url": "https://issues.redhat.com/browse/JBEAP-19746"
},
{
"category": "external",
"summary": "JBEAP-19789",
"url": "https://issues.redhat.com/browse/JBEAP-19789"
},
{
"category": "external",
"summary": "JBEAP-19791",
"url": "https://issues.redhat.com/browse/JBEAP-19791"
},
{
"category": "external",
"summary": "JBEAP-19795",
"url": "https://issues.redhat.com/browse/JBEAP-19795"
},
{
"category": "external",
"summary": "JBEAP-19796",
"url": "https://issues.redhat.com/browse/JBEAP-19796"
},
{
"category": "external",
"summary": "JBEAP-19822",
"url": "https://issues.redhat.com/browse/JBEAP-19822"
},
{
"category": "external",
"summary": "JBEAP-19888",
"url": "https://issues.redhat.com/browse/JBEAP-19888"
},
{
"category": "external",
"summary": "JBEAP-19934",
"url": "https://issues.redhat.com/browse/JBEAP-19934"
},
{
"category": "external",
"summary": "JBEAP-19935",
"url": "https://issues.redhat.com/browse/JBEAP-19935"
},
{
"category": "external",
"summary": "JBEAP-19936",
"url": "https://issues.redhat.com/browse/JBEAP-19936"
},
{
"category": "external",
"summary": "JBEAP-19937",
"url": "https://issues.redhat.com/browse/JBEAP-19937"
},
{
"category": "external",
"summary": "JBEAP-19938",
"url": "https://issues.redhat.com/browse/JBEAP-19938"
},
{
"category": "external",
"summary": "JBEAP-19939",
"url": "https://issues.redhat.com/browse/JBEAP-19939"
},
{
"category": "external",
"summary": "JBEAP-19940",
"url": "https://issues.redhat.com/browse/JBEAP-19940"
},
{
"category": "external",
"summary": "JBEAP-19942",
"url": "https://issues.redhat.com/browse/JBEAP-19942"
},
{
"category": "external",
"summary": "JBEAP-19955",
"url": "https://issues.redhat.com/browse/JBEAP-19955"
},
{
"category": "external",
"summary": "JBEAP-19965",
"url": "https://issues.redhat.com/browse/JBEAP-19965"
},
{
"category": "external",
"summary": "JBEAP-20027",
"url": "https://issues.redhat.com/browse/JBEAP-20027"
},
{
"category": "external",
"summary": "JBEAP-20037",
"url": "https://issues.redhat.com/browse/JBEAP-20037"
},
{
"category": "external",
"summary": "JBEAP-20064",
"url": "https://issues.redhat.com/browse/JBEAP-20064"
},
{
"category": "external",
"summary": "JBEAP-20087",
"url": "https://issues.redhat.com/browse/JBEAP-20087"
},
{
"category": "external",
"summary": "JBEAP-20112",
"url": "https://issues.redhat.com/browse/JBEAP-20112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4247.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.3 security update",
"tracking": {
"current_release_date": "2024-11-15T06:16:36+00:00",
"generator": {
"date": "2024-11-15T06:16:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:4247",
"initial_release_date": "2020-10-13T17:01:16+00:00",
"revision_history": [
{
"date": "2020-10-13T17:01:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-10-13T17:01:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T06:16:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "EAP 7.3.3",
"product": {
"name": "EAP 7.3.3",
"product_id": "EAP 7.3.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1954",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1824301"
}
],
"notes": [
{
"category": "description",
"text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: JMX integration is vulnerable to a MITM attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP 7.3.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1954"
},
{
"category": "external",
"summary": "RHBZ#1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-13T17:01:16+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"EAP 7.3.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4247"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"EAP 7.3.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cxf: JMX integration is vulnerable to a MITM attack"
},
{
"acknowledgments": [
{
"names": [
"Darran Lofthouse"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-14299",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2020-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1848533"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "picketbox: JBoss EAP reload to admin-only mode allows authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP 7.3.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14299"
},
{
"category": "external",
"summary": "RHBZ#1848533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14299",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14299"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14299"
}
],
"release_date": "2020-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-13T17:01:16+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"EAP 7.3.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4247"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"EAP 7.3.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "picketbox: JBoss EAP reload to admin-only mode allows authentication bypass"
},
{
"cve": "CVE-2020-14338",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1860054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the \"use-grammar-pool-only\" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP 7.3.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14338"
},
{
"category": "external",
"summary": "RHBZ#1860054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14338",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338"
}
],
"release_date": "2020-08-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-13T17:01:16+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"EAP 7.3.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4247"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"EAP 7.3.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl"
},
{
"acknowledgments": [
{
"names": [
"Masafumi Miura"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-14340",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1860218"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP 7.3.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14340"
},
{
"category": "external",
"summary": "RHBZ#1860218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14340",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340"
}
],
"release_date": "2020-07-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-13T17:01:16+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"EAP 7.3.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4247"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"EAP 7.3.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS"
}
]
}
rhsa-2020_3585
Vulnerability from csaf_redhat
Published
2020-08-31 15:40
Modified
2024-11-15 09:36
Summary
Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 20 security update
Notes
Topic
This is a security update for JBoss EAP Continuous Delivery 20.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform CD20 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform CD20 includes bug fixes and enhancements.
Security Fix(es):
* jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)
* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* undertow: Memory exhaustion issue in HttpReadListener via "Expect: 100-continue" header (CVE-2020-10705)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
* wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)
* cxf-core: cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "This is a security update for JBoss EAP Continuous Delivery 20.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform CD20 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform CD20 includes bug fixes and enhancements. \n\nSecurity Fix(es):\n\n* jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* undertow: Memory exhaustion issue in HttpReadListener via \"Expect: 100-continue\" header (CVE-2020-10705)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n* wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)\n\n* cxf-core: cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:3585",
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=eap-cd\u0026version=20",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=eap-cd\u0026version=20"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/",
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/"
},
{
"category": "external",
"summary": "1607709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607709"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1715075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075"
},
{
"category": "external",
"summary": "1796617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617"
},
{
"category": "external",
"summary": "1803241",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803241"
},
{
"category": "external",
"summary": "1805006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1828459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3585.json"
}
],
"title": "Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 20 security update",
"tracking": {
"current_release_date": "2024-11-15T09:36:15+00:00",
"generator": {
"date": "2024-11-15T09:36:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:3585",
"initial_release_date": "2020-08-31T15:40:22+00:00",
"revision_history": [
{
"date": "2020-08-31T15:40:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-08-31T15:40:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T09:36:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "EAP-CD 20 Tech Preview",
"product": {
"name": "EAP-CD 20 Tech Preview",
"product_id": "EAP-CD 20 Tech Preview",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_cd:20"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-14371",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2018-07-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1607709"
}
],
"notes": [
{
"category": "description",
"text": "The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14371"
},
{
"category": "external",
"summary": "RHBZ#1607709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607709"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14371",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14371"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14371",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14371"
}
],
"release_date": "2018-07-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"EAP-CD 20 Tech Preview"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter"
},
{
"acknowledgments": [
{
"names": [
"Brian Stansberry"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-10172",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-04-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1715075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus\u0027s jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10172"
},
{
"category": "external",
"summary": "RHBZ#1715075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172"
}
],
"release_date": "2019-11-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720"
},
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"EAP-CD 20 Tech Preview"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"cve": "CVE-2020-1719",
"cwe": {
"id": "CWE-270",
"name": "Privilege Context Switching Error"
},
"discovery_date": "2019-08-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1796617"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1719"
},
{
"category": "external",
"summary": "RHBZ#1796617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1719",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719"
}
],
"release_date": "2019-06-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain"
},
{
"cve": "CVE-2020-1954",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1824301"
}
],
"notes": [
{
"category": "description",
"text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: JMX integration is vulnerable to a MITM attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1954"
},
{
"category": "external",
"summary": "RHBZ#1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cxf: JMX integration is vulnerable to a MITM attack"
},
{
"acknowledgments": [
{
"names": [
"An Trinh"
]
}
],
"cve": "CVE-2020-6950",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2019-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-6950"
},
{
"category": "external",
"summary": "RHBZ#1805006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-6950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6950"
},
{
"category": "external",
"summary": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
"url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741",
"url": "https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741"
},
{
"category": "external",
"summary": "https://github.com/eclipse-ee4j/mojarra/issues/4571",
"url": "https://github.com/eclipse-ee4j/mojarra/issues/4571"
},
{
"category": "external",
"summary": "https://github.com/javaserverfaces/mojarra/issues/4364",
"url": "https://github.com/javaserverfaces/mojarra/issues/4364"
}
],
"release_date": "2020-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"EAP-CD 20 Tech Preview"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"cve": "CVE-2020-10705",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1803241"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Undertow where certain requests to the \"Expect: 100-continue\" header may cause an out of memory error. This flaw may potentially lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Memory exhaustion issue in HttpReadListener via \"Expect: 100-continue\" header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10705"
},
{
"category": "external",
"summary": "RHBZ#1803241",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803241"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10705"
}
],
"release_date": "2020-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this security flaw.",
"product_ids": [
"EAP-CD 20 Tech Preview"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Memory exhaustion issue in HttpReadListener via \"Expect: 100-continue\" header"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"EAP-CD 20 Tech Preview"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
},
{
"acknowledgments": [
{
"names": [
"ZeddYu"
]
}
],
"cve": "CVE-2020-10719",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828459"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: invalid HTTP request with large chunk size",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10719"
},
{
"category": "external",
"summary": "RHBZ#1828459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10719",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719"
}
],
"release_date": "2020-05-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: invalid HTTP request with large chunk size"
},
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"EAP-CD 20 Tech Preview"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"cve": "CVE-2020-11612",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816216"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"EAP-CD 20 Tech Preview"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11612"
},
{
"category": "external",
"summary": "RHBZ#1816216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
}
],
"release_date": "2020-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-08-31T15:40:22+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)",
"product_ids": [
"EAP-CD 20 Tech Preview"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:3585"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"EAP-CD 20 Tech Preview"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
}
]
}
rhsa-2020_4244
Vulnerability from csaf_redhat
Published
2020-10-13 16:49
Modified
2024-11-15 06:16
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 6
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299)
* wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)
* xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340)
* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299)\n\n* wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)\n\n* xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4244",
"url": "https://access.redhat.com/errata/RHSA-2020:4244"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "1848533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533"
},
{
"category": "external",
"summary": "1860054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054"
},
{
"category": "external",
"summary": "1860218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"category": "external",
"summary": "JBEAP-19379",
"url": "https://issues.redhat.com/browse/JBEAP-19379"
},
{
"category": "external",
"summary": "JBEAP-19442",
"url": "https://issues.redhat.com/browse/JBEAP-19442"
},
{
"category": "external",
"summary": "JBEAP-19596",
"url": "https://issues.redhat.com/browse/JBEAP-19596"
},
{
"category": "external",
"summary": "JBEAP-19613",
"url": "https://issues.redhat.com/browse/JBEAP-19613"
},
{
"category": "external",
"summary": "JBEAP-19615",
"url": "https://issues.redhat.com/browse/JBEAP-19615"
},
{
"category": "external",
"summary": "JBEAP-19642",
"url": "https://issues.redhat.com/browse/JBEAP-19642"
},
{
"category": "external",
"summary": "JBEAP-19695",
"url": "https://issues.redhat.com/browse/JBEAP-19695"
},
{
"category": "external",
"summary": "JBEAP-19698",
"url": "https://issues.redhat.com/browse/JBEAP-19698"
},
{
"category": "external",
"summary": "JBEAP-19700",
"url": "https://issues.redhat.com/browse/JBEAP-19700"
},
{
"category": "external",
"summary": "JBEAP-19701",
"url": "https://issues.redhat.com/browse/JBEAP-19701"
},
{
"category": "external",
"summary": "JBEAP-19715",
"url": "https://issues.redhat.com/browse/JBEAP-19715"
},
{
"category": "external",
"summary": "JBEAP-19746",
"url": "https://issues.redhat.com/browse/JBEAP-19746"
},
{
"category": "external",
"summary": "JBEAP-19789",
"url": "https://issues.redhat.com/browse/JBEAP-19789"
},
{
"category": "external",
"summary": "JBEAP-19791",
"url": "https://issues.redhat.com/browse/JBEAP-19791"
},
{
"category": "external",
"summary": "JBEAP-19795",
"url": "https://issues.redhat.com/browse/JBEAP-19795"
},
{
"category": "external",
"summary": "JBEAP-19796",
"url": "https://issues.redhat.com/browse/JBEAP-19796"
},
{
"category": "external",
"summary": "JBEAP-19822",
"url": "https://issues.redhat.com/browse/JBEAP-19822"
},
{
"category": "external",
"summary": "JBEAP-19888",
"url": "https://issues.redhat.com/browse/JBEAP-19888"
},
{
"category": "external",
"summary": "JBEAP-19934",
"url": "https://issues.redhat.com/browse/JBEAP-19934"
},
{
"category": "external",
"summary": "JBEAP-19935",
"url": "https://issues.redhat.com/browse/JBEAP-19935"
},
{
"category": "external",
"summary": "JBEAP-19936",
"url": "https://issues.redhat.com/browse/JBEAP-19936"
},
{
"category": "external",
"summary": "JBEAP-19937",
"url": "https://issues.redhat.com/browse/JBEAP-19937"
},
{
"category": "external",
"summary": "JBEAP-19938",
"url": "https://issues.redhat.com/browse/JBEAP-19938"
},
{
"category": "external",
"summary": "JBEAP-19939",
"url": "https://issues.redhat.com/browse/JBEAP-19939"
},
{
"category": "external",
"summary": "JBEAP-19940",
"url": "https://issues.redhat.com/browse/JBEAP-19940"
},
{
"category": "external",
"summary": "JBEAP-19942",
"url": "https://issues.redhat.com/browse/JBEAP-19942"
},
{
"category": "external",
"summary": "JBEAP-19955",
"url": "https://issues.redhat.com/browse/JBEAP-19955"
},
{
"category": "external",
"summary": "JBEAP-19965",
"url": "https://issues.redhat.com/browse/JBEAP-19965"
},
{
"category": "external",
"summary": "JBEAP-20027",
"url": "https://issues.redhat.com/browse/JBEAP-20027"
},
{
"category": "external",
"summary": "JBEAP-20037",
"url": "https://issues.redhat.com/browse/JBEAP-20037"
},
{
"category": "external",
"summary": "JBEAP-20064",
"url": "https://issues.redhat.com/browse/JBEAP-20064"
},
{
"category": "external",
"summary": "JBEAP-20087",
"url": "https://issues.redhat.com/browse/JBEAP-20087"
},
{
"category": "external",
"summary": "JBEAP-20112",
"url": "https://issues.redhat.com/browse/JBEAP-20112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4244.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 6",
"tracking": {
"current_release_date": "2024-11-15T06:16:51+00:00",
"generator": {
"date": "2024-11-15T06:16:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:4244",
"initial_release_date": "2020-10-13T16:49:49+00:00",
"revision_history": [
{
"date": "2020-10-13T16:49:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-10-13T16:49:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T06:16:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"product_id": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-25.SP12_redhat_00013.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"product": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"product_id": "eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-25.SP12_redhat_00013.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-8.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"product": {
"name": "eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"product_id": "eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketbox-infinispan@5.0.3-8.Final_redhat_00007.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-5.redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.9.0-5.redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.9.0-5.redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.9.0-5.redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.9.0-5.redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.9.0-5.redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.9.0-5.redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.9.0-5.redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.9.0-5.redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.9.0-5.redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.9.0-5.redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.9.0-5.redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.9.0-5.redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.9.0-5.redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.9.0-5.redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.9.0-5.redhat_00011.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana@5.9.9-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-compensations@5.9.9-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-jbosstxbridge@5.9.9-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-jbossxts@5.9.9-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-jts-idlj@5.9.9-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-jts-integration@5.9.9-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-restat-api@5.9.9-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-restat-bridge@5.9.9-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-restat-integration@5.9.9-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-restat-util@5.9.9-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-txframework@5.9.9-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.8-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.8-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-2.SP03_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.3.7-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.3.7-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.3.7-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.3.7-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-invocation@1.5.3-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-codec@1.14.0-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP12_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.18-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.18-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.18-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.18-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.18-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-httpcomponents-client@4.5.12-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-httpcomponents-core@4.4.13-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.7-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.7-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-snakeyaml@1.26.0-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-velocity@2.2.0-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-velocity-engine-core@2.2.0-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.13-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ws-commons-XmlSchema@2.2.5-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle@1.65.0-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.65.0-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.65.0-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.65.0-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.0.2-1.redhat_00001.1.el6eap?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.17-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups@4.1.10-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.10-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.9-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.31-1.SP1_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch",
"product_id": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-lang@3.10.0-1.redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"product_id": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.3-4.GA_redhat_00004.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.3-4.GA_redhat_00004.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.3-4.GA_redhat_00004.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-2.Final_redhat_00002.1.el6eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src",
"product_id": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-25.SP12_redhat_00013.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src",
"product": {
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src",
"product_id": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-8.Final_redhat_00007.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src",
"product_id": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-5.redhat_00011.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana@5.9.9-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.8-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src",
"product_id": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-2.SP03_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.3.7-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-invocation@1.5.3-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-codec@1.14.0-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP12_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.18-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-httpcomponents-client@4.5.12-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-httpcomponents-core@4.4.13-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.7-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-snakeyaml@1.26.0-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-velocity@2.2.0-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.13-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ws-commons-XmlSchema@2.2.5-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle@1.65.0-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.0.2-1.redhat_00001.1.el6eap?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.17-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups@4.1.10-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.10-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.9-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src",
"product_id": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.31-1.SP1_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src",
"product_id": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-lang@3.10.0-1.redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src",
"product_id": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.3-4.GA_redhat_00004.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src",
"product": {
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src",
"product_id": "eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-3.redhat_1.el6eap?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-2.Final_redhat_00002.1.el6eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64",
"product": {
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64",
"product_id": "eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-3.redhat_1.el6eap?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64",
"product": {
"name": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64",
"product_id": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.0.2-3.redhat_1.el6eap?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src"
},
"product_reference": "eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64"
},
"product_reference": "eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64"
},
"product_reference": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src"
},
"product_reference": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch"
},
"product_reference": "eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch"
},
"product_reference": "eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1954",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1824301"
}
],
"notes": [
{
"category": "description",
"text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: JMX integration is vulnerable to a MITM attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1954"
},
{
"category": "external",
"summary": "RHBZ#1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-13T16:49:49+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4244"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cxf: JMX integration is vulnerable to a MITM attack"
},
{
"acknowledgments": [
{
"names": [
"Darran Lofthouse"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-14299",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2020-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1848533"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "picketbox: JBoss EAP reload to admin-only mode allows authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14299"
},
{
"category": "external",
"summary": "RHBZ#1848533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14299",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14299"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14299"
}
],
"release_date": "2020-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-13T16:49:49+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4244"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "picketbox: JBoss EAP reload to admin-only mode allows authentication bypass"
},
{
"cve": "CVE-2020-14338",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1860054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the \"use-grammar-pool-only\" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14338"
},
{
"category": "external",
"summary": "RHBZ#1860054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14338",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338"
}
],
"release_date": "2020-08-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-13T16:49:49+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4244"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl"
},
{
"acknowledgments": [
{
"names": [
"Masafumi Miura"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-14340",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1860218"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14340"
},
{
"category": "external",
"summary": "RHBZ#1860218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14340",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340"
}
],
"release_date": "2020-07-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-13T16:49:49+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4244"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.src",
"6Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS"
}
]
}
rhsa-2020_4960
Vulnerability from csaf_redhat
Published
2020-11-05 18:47
Modified
2024-11-15 08:39
Summary
Red Hat Security Advisory: Red Hat Decision Manager 7.9.0 security update
Notes
Topic
An update is now available for Red Hat Decision Manager.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.
This release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* batik: SSRF via "xlink:href" (CVE-2019-17566)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* ant: insecure temporary file vulnerability (CVE-2020-1945)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)
* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)
* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Decision Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model \u0026 Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. \n\nThis release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* batik: SSRF via \"xlink:href\" (CVE-2019-17566)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)\n\n* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4960",
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhdm\u0026version=7.9.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhdm\u0026version=7.9.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1837444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
},
{
"category": "external",
"summary": "1848617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848617"
},
{
"category": "external",
"summary": "1851014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014"
},
{
"category": "external",
"summary": "1851019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019"
},
{
"category": "external",
"summary": "1851022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4960.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Decision Manager 7.9.0 security update",
"tracking": {
"current_release_date": "2024-11-15T08:39:25+00:00",
"generator": {
"date": "2024-11-15T08:39:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:4960",
"initial_release_date": "2020-11-05T18:47:03+00:00",
"revision_history": [
{
"date": "2020-11-05T18:47:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-05T18:47:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T08:39:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHDM 7.9.0",
"product": {
"name": "RHDM 7.9.0",
"product_id": "RHDM 7.9.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7.9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Decision Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"RHDM 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"cve": "CVE-2019-17566",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2020-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1848617"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack (SSRF) via \"xlink:href\" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: SSRF via \"xlink:href\"",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17566"
},
{
"category": "external",
"summary": "RHBZ#1848617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17566",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17566"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566"
}
],
"release_date": "2020-06-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: SSRF via \"xlink:href\""
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"cve": "CVE-2020-1945",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2020-05-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1837444"
}
],
"notes": [
{
"category": "description",
"text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ant: insecure temporary file vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1945"
},
{
"category": "external",
"summary": "RHBZ#1837444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945"
}
],
"release_date": "2020-05-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
},
{
"category": "workaround",
"details": "For versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7, set the java.io.tmpdir system property to a private directory-- only readable and writable by the current user-- before running Ant.\n\nFor versions 1.9.15 and 1.10.8, use the Ant property ant.tmpfile instead. Ant 1.10.8 protects the temporary files if the underlying filesystem allows it, but using a private temporary directory is still recommended.",
"product_ids": [
"RHDM 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ant: insecure temporary file vulnerability"
},
{
"cve": "CVE-2020-1954",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1824301"
}
],
"notes": [
{
"category": "description",
"text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: JMX integration is vulnerable to a MITM attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1954"
},
{
"category": "external",
"summary": "RHBZ#1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cxf: JMX integration is vulnerable to a MITM attack"
},
{
"cve": "CVE-2020-2875",
"discovery_date": "2020-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands in MySQL Connectors and other products.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-2875"
},
{
"category": "external",
"summary": "RHBZ#1851019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-2875",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete"
},
{
"cve": "CVE-2020-2933",
"discovery_date": "2020-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection, causing a denial of service of the MySQL Connectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-2933"
},
{
"category": "external",
"summary": "RHBZ#1851022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-2933",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS"
},
{
"cve": "CVE-2020-2934",
"discovery_date": "2020-06-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851014"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-2934"
},
{
"category": "external",
"summary": "RHBZ#1851014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-2934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"RHDM 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHDM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:47:03+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHDM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4960"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"RHDM 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHDM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
}
]
}
rhsa-2020_4246
Vulnerability from csaf_redhat
Published
2020-10-13 16:50
Modified
2024-11-15 06:17
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 7
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299)
* wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)
* xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340)
* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299)\n\n* wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)\n\n* xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4246",
"url": "https://access.redhat.com/errata/RHSA-2020:4246"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "1848533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533"
},
{
"category": "external",
"summary": "1860054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054"
},
{
"category": "external",
"summary": "1860218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"category": "external",
"summary": "JBEAP-19379",
"url": "https://issues.redhat.com/browse/JBEAP-19379"
},
{
"category": "external",
"summary": "JBEAP-19442",
"url": "https://issues.redhat.com/browse/JBEAP-19442"
},
{
"category": "external",
"summary": "JBEAP-19443",
"url": "https://issues.redhat.com/browse/JBEAP-19443"
},
{
"category": "external",
"summary": "JBEAP-19596",
"url": "https://issues.redhat.com/browse/JBEAP-19596"
},
{
"category": "external",
"summary": "JBEAP-19613",
"url": "https://issues.redhat.com/browse/JBEAP-19613"
},
{
"category": "external",
"summary": "JBEAP-19615",
"url": "https://issues.redhat.com/browse/JBEAP-19615"
},
{
"category": "external",
"summary": "JBEAP-19642",
"url": "https://issues.redhat.com/browse/JBEAP-19642"
},
{
"category": "external",
"summary": "JBEAP-19695",
"url": "https://issues.redhat.com/browse/JBEAP-19695"
},
{
"category": "external",
"summary": "JBEAP-19698",
"url": "https://issues.redhat.com/browse/JBEAP-19698"
},
{
"category": "external",
"summary": "JBEAP-19700",
"url": "https://issues.redhat.com/browse/JBEAP-19700"
},
{
"category": "external",
"summary": "JBEAP-19701",
"url": "https://issues.redhat.com/browse/JBEAP-19701"
},
{
"category": "external",
"summary": "JBEAP-19715",
"url": "https://issues.redhat.com/browse/JBEAP-19715"
},
{
"category": "external",
"summary": "JBEAP-19746",
"url": "https://issues.redhat.com/browse/JBEAP-19746"
},
{
"category": "external",
"summary": "JBEAP-19789",
"url": "https://issues.redhat.com/browse/JBEAP-19789"
},
{
"category": "external",
"summary": "JBEAP-19791",
"url": "https://issues.redhat.com/browse/JBEAP-19791"
},
{
"category": "external",
"summary": "JBEAP-19795",
"url": "https://issues.redhat.com/browse/JBEAP-19795"
},
{
"category": "external",
"summary": "JBEAP-19796",
"url": "https://issues.redhat.com/browse/JBEAP-19796"
},
{
"category": "external",
"summary": "JBEAP-19822",
"url": "https://issues.redhat.com/browse/JBEAP-19822"
},
{
"category": "external",
"summary": "JBEAP-19888",
"url": "https://issues.redhat.com/browse/JBEAP-19888"
},
{
"category": "external",
"summary": "JBEAP-19934",
"url": "https://issues.redhat.com/browse/JBEAP-19934"
},
{
"category": "external",
"summary": "JBEAP-19935",
"url": "https://issues.redhat.com/browse/JBEAP-19935"
},
{
"category": "external",
"summary": "JBEAP-19936",
"url": "https://issues.redhat.com/browse/JBEAP-19936"
},
{
"category": "external",
"summary": "JBEAP-19937",
"url": "https://issues.redhat.com/browse/JBEAP-19937"
},
{
"category": "external",
"summary": "JBEAP-19938",
"url": "https://issues.redhat.com/browse/JBEAP-19938"
},
{
"category": "external",
"summary": "JBEAP-19939",
"url": "https://issues.redhat.com/browse/JBEAP-19939"
},
{
"category": "external",
"summary": "JBEAP-19940",
"url": "https://issues.redhat.com/browse/JBEAP-19940"
},
{
"category": "external",
"summary": "JBEAP-19942",
"url": "https://issues.redhat.com/browse/JBEAP-19942"
},
{
"category": "external",
"summary": "JBEAP-19955",
"url": "https://issues.redhat.com/browse/JBEAP-19955"
},
{
"category": "external",
"summary": "JBEAP-19965",
"url": "https://issues.redhat.com/browse/JBEAP-19965"
},
{
"category": "external",
"summary": "JBEAP-20027",
"url": "https://issues.redhat.com/browse/JBEAP-20027"
},
{
"category": "external",
"summary": "JBEAP-20037",
"url": "https://issues.redhat.com/browse/JBEAP-20037"
},
{
"category": "external",
"summary": "JBEAP-20064",
"url": "https://issues.redhat.com/browse/JBEAP-20064"
},
{
"category": "external",
"summary": "JBEAP-20087",
"url": "https://issues.redhat.com/browse/JBEAP-20087"
},
{
"category": "external",
"summary": "JBEAP-20112",
"url": "https://issues.redhat.com/browse/JBEAP-20112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4246.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 7",
"tracking": {
"current_release_date": "2024-11-15T06:17:00+00:00",
"generator": {
"date": "2024-11-15T06:17:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:4246",
"initial_release_date": "2020-10-13T16:50:20+00:00",
"revision_history": [
{
"date": "2020-10-13T16:50:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-10-13T16:50:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T06:17:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-25.SP12_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-25.SP12_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-8.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"product": {
"name": "eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"product_id": "eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketbox-infinispan@5.0.3-8.Final_redhat_00007.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana@5.9.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-compensations@5.9.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-jbosstxbridge@5.9.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-jbossxts@5.9.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-jts-idlj@5.9.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-jts-integration@5.9.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-restat-api@5.9.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-restat-bridge@5.9.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-restat-integration@5.9.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-restat-util@5.9.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-txframework@5.9.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-5.redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.9.0-5.redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.9.0-5.redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.9.0-5.redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.9.0-5.redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.9.0-5.redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.9.0-5.redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.9.0-5.redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.9.0-5.redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.9.0-5.redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.9.0-5.redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.9.0-5.redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.9.0-5.redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.9.0-5.redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.9.0-5.redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.9.0-5.redhat_00011.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-2.SP03_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP12_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.3.7-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.3.7-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.3.7-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.3.7-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-invocation@1.5.3-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-codec@1.14.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-httpcomponents-client@4.5.12-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-httpcomponents-core@4.4.13-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.7-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.7-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-snakeyaml@1.26.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-velocity@2.2.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-velocity-engine-core@2.2.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.13-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ws-commons-XmlSchema@2.2.5-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle@1.65.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.65.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.65.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.65.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.0.2-1.redhat_00001.1.el7eap?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups@4.1.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.10-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.31-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-lang@3.10.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.3-4.GA_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.3-4.GA_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.3-4.GA_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.3-4.GA_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.3-4.GA_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src",
"product_id": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-25.SP12_redhat_00013.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src",
"product": {
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src",
"product_id": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-8.Final_redhat_00007.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana@5.9.9-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.8-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src",
"product_id": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-5.redhat_00011.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src",
"product_id": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-2.SP03_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP12_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.3.7-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-invocation@1.5.3-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-codec@1.14.0-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.18-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-httpcomponents-client@4.5.12-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-httpcomponents-core@4.4.13-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.7-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-snakeyaml@1.26.0-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-velocity@2.2.0-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.13-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ws-commons-XmlSchema@2.2.5-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle@1.65.0-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.0.2-1.redhat_00001.1.el7eap?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.17-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups@4.1.10-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.10-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.9-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.31-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-lang@3.10.0-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.3-4.GA_redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src",
"product": {
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src",
"product_id": "eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-3.redhat_1.el7eap?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-2.Final_redhat_00002.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64",
"product": {
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64",
"product_id": "eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-3.redhat_1.el7eap?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64",
"product": {
"name": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64",
"product_id": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.0.2-3.redhat_1.el7eap?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src"
},
"product_reference": "eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64"
},
"product_reference": "eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64"
},
"product_reference": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src"
},
"product_reference": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch"
},
"product_reference": "eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1954",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1824301"
}
],
"notes": [
{
"category": "description",
"text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: JMX integration is vulnerable to a MITM attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1954"
},
{
"category": "external",
"summary": "RHBZ#1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-13T16:50:20+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4246"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cxf: JMX integration is vulnerable to a MITM attack"
},
{
"acknowledgments": [
{
"names": [
"Darran Lofthouse"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-14299",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2020-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1848533"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "picketbox: JBoss EAP reload to admin-only mode allows authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14299"
},
{
"category": "external",
"summary": "RHBZ#1848533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14299",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14299"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14299"
}
],
"release_date": "2020-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-13T16:50:20+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4246"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "picketbox: JBoss EAP reload to admin-only mode allows authentication bypass"
},
{
"cve": "CVE-2020-14338",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1860054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the \"use-grammar-pool-only\" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14338"
},
{
"category": "external",
"summary": "RHBZ#1860054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14338",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338"
}
],
"release_date": "2020-08-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-13T16:50:20+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4246"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl"
},
{
"acknowledgments": [
{
"names": [
"Masafumi Miura"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-14340",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1860218"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14340"
},
{
"category": "external",
"summary": "RHBZ#1860218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14340",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340"
}
],
"release_date": "2020-07-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-13T16:50:20+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4246"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.src",
"7Server-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS"
}
]
}
rhsa-2020_4931
Vulnerability from csaf_redhat
Published
2020-11-04 19:24
Modified
2024-11-15 08:38
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.4.3 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.4.3 serves as a replacement for Red Hat Single Sign-On 7.4.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299)
* wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)
* xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340)
* keycloak: user can manage resources with just "view-profile" role using new Account Console (CVE-2020-14389)
* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
* keycloak: OIDC redirect_uri allows dangerous schemes resulting in potential XSS (CVE-2020-10776)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.4.3 serves as a replacement for Red Hat Single Sign-On 7.4.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299)\n\n* wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)\n\n* xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340)\n\n* keycloak: user can manage resources with just \"view-profile\" role using new Account Console (CVE-2020-14389)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\n* keycloak: OIDC redirect_uri allows dangerous schemes resulting in potential XSS (CVE-2020-10776)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4931",
"url": "https://access.redhat.com/errata/RHSA-2020:4931"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/"
},
{
"category": "external",
"summary": "1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "1847428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847428"
},
{
"category": "external",
"summary": "1848533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533"
},
{
"category": "external",
"summary": "1860054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054"
},
{
"category": "external",
"summary": "1860218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"category": "external",
"summary": "1875843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875843"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4931.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.4.3 security update",
"tracking": {
"current_release_date": "2024-11-15T08:38:47+00:00",
"generator": {
"date": "2024-11-15T08:38:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:4931",
"initial_release_date": "2020-11-04T19:24:13+00:00",
"revision_history": [
{
"date": "2020-11-04T19:24:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-04T19:24:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T08:38:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7.4.3",
"product": {
"name": "Red Hat Single Sign-On 7.4.3",
"product_id": "Red Hat Single Sign-On 7.4.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_single_sign_on:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1954",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1824301"
}
],
"notes": [
{
"category": "description",
"text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: JMX integration is vulnerable to a MITM attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1954"
},
{
"category": "external",
"summary": "RHBZ#1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T19:24:13+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cxf: JMX integration is vulnerable to a MITM attack"
},
{
"acknowledgments": [
{
"names": [
"Lauritz Holtmann"
],
"organization": "Chair for Network and Data Security at Ruhr University Bochum"
}
],
"cve": "CVE-2020-10776",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1847428"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: OIDC redirect_uri allows dangerous schemes resulting in potential XSS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10776"
},
{
"category": "external",
"summary": "RHBZ#1847428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847428"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10776"
}
],
"release_date": "2020-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T19:24:13+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4931"
},
{
"category": "workaround",
"details": "Trusted Hosts Policy could be used to mitigate this attack : \nhttps://www.keycloak.org/docs/latest/securing_apps/index.html#client-registration-policies",
"product_ids": [
"Red Hat Single Sign-On 7.4.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: OIDC redirect_uri allows dangerous schemes resulting in potential XSS"
},
{
"acknowledgments": [
{
"names": [
"Darran Lofthouse"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-14299",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2020-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1848533"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "picketbox: JBoss EAP reload to admin-only mode allows authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14299"
},
{
"category": "external",
"summary": "RHBZ#1848533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14299",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14299"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14299"
}
],
"release_date": "2020-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T19:24:13+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "picketbox: JBoss EAP reload to admin-only mode allows authentication bypass"
},
{
"cve": "CVE-2020-14338",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1860054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the \"use-grammar-pool-only\" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14338"
},
{
"category": "external",
"summary": "RHBZ#1860054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14338",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338"
}
],
"release_date": "2020-08-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T19:24:13+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl"
},
{
"acknowledgments": [
{
"names": [
"Masafumi Miura"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-14340",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1860218"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14340"
},
{
"category": "external",
"summary": "RHBZ#1860218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14340",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340"
}
],
"release_date": "2020-07-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T19:24:13+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS"
},
{
"acknowledgments": [
{
"names": [
"Dirk van Veen"
],
"organization": "The S-Unit"
}
],
"cve": "CVE-2020-14366",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2020-08-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1869764"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in keycloak. A path traversal, using URL-encoded path segments in a request, is possible due to transformation of the URL path to a file path at the resource endpoint. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: path traversal in resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14366"
},
{
"category": "external",
"summary": "RHBZ#1869764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869764"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14366"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14366",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14366"
}
],
"release_date": "2020-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T19:24:13+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: path traversal in resources"
},
{
"acknowledgments": [
{
"names": [
"V\u00e1clav Muzik\u00e1\u0159"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-14389",
"cwe": {
"id": "CWE-916",
"name": "Use of Password Hash With Insufficient Computational Effort"
},
"discovery_date": "2020-08-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1875843"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: user can manage resources with just \"view-profile\" role using new Account Console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7.4.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14389"
},
{
"category": "external",
"summary": "RHBZ#1875843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875843"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14389",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14389"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14389",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14389"
}
],
"release_date": "2020-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-04T19:24:13+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Single Sign-On 7.4.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7.4.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: user can manage resources with just \"view-profile\" role using new Account Console"
}
]
}
rhsa-2020_4245
Vulnerability from csaf_redhat
Published
2020-10-13 16:50
Modified
2024-11-15 06:16
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 8
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299)
* wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)
* xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340)
* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299)\n\n* wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)\n\n* xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4245",
"url": "https://access.redhat.com/errata/RHSA-2020:4245"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "1848533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533"
},
{
"category": "external",
"summary": "1860054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054"
},
{
"category": "external",
"summary": "1860218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"category": "external",
"summary": "JBEAP-19379",
"url": "https://issues.redhat.com/browse/JBEAP-19379"
},
{
"category": "external",
"summary": "JBEAP-19444",
"url": "https://issues.redhat.com/browse/JBEAP-19444"
},
{
"category": "external",
"summary": "JBEAP-19596",
"url": "https://issues.redhat.com/browse/JBEAP-19596"
},
{
"category": "external",
"summary": "JBEAP-19613",
"url": "https://issues.redhat.com/browse/JBEAP-19613"
},
{
"category": "external",
"summary": "JBEAP-19615",
"url": "https://issues.redhat.com/browse/JBEAP-19615"
},
{
"category": "external",
"summary": "JBEAP-19642",
"url": "https://issues.redhat.com/browse/JBEAP-19642"
},
{
"category": "external",
"summary": "JBEAP-19695",
"url": "https://issues.redhat.com/browse/JBEAP-19695"
},
{
"category": "external",
"summary": "JBEAP-19698",
"url": "https://issues.redhat.com/browse/JBEAP-19698"
},
{
"category": "external",
"summary": "JBEAP-19700",
"url": "https://issues.redhat.com/browse/JBEAP-19700"
},
{
"category": "external",
"summary": "JBEAP-19701",
"url": "https://issues.redhat.com/browse/JBEAP-19701"
},
{
"category": "external",
"summary": "JBEAP-19715",
"url": "https://issues.redhat.com/browse/JBEAP-19715"
},
{
"category": "external",
"summary": "JBEAP-19746",
"url": "https://issues.redhat.com/browse/JBEAP-19746"
},
{
"category": "external",
"summary": "JBEAP-19789",
"url": "https://issues.redhat.com/browse/JBEAP-19789"
},
{
"category": "external",
"summary": "JBEAP-19791",
"url": "https://issues.redhat.com/browse/JBEAP-19791"
},
{
"category": "external",
"summary": "JBEAP-19795",
"url": "https://issues.redhat.com/browse/JBEAP-19795"
},
{
"category": "external",
"summary": "JBEAP-19796",
"url": "https://issues.redhat.com/browse/JBEAP-19796"
},
{
"category": "external",
"summary": "JBEAP-19822",
"url": "https://issues.redhat.com/browse/JBEAP-19822"
},
{
"category": "external",
"summary": "JBEAP-19888",
"url": "https://issues.redhat.com/browse/JBEAP-19888"
},
{
"category": "external",
"summary": "JBEAP-19934",
"url": "https://issues.redhat.com/browse/JBEAP-19934"
},
{
"category": "external",
"summary": "JBEAP-19935",
"url": "https://issues.redhat.com/browse/JBEAP-19935"
},
{
"category": "external",
"summary": "JBEAP-19936",
"url": "https://issues.redhat.com/browse/JBEAP-19936"
},
{
"category": "external",
"summary": "JBEAP-19937",
"url": "https://issues.redhat.com/browse/JBEAP-19937"
},
{
"category": "external",
"summary": "JBEAP-19938",
"url": "https://issues.redhat.com/browse/JBEAP-19938"
},
{
"category": "external",
"summary": "JBEAP-19939",
"url": "https://issues.redhat.com/browse/JBEAP-19939"
},
{
"category": "external",
"summary": "JBEAP-19940",
"url": "https://issues.redhat.com/browse/JBEAP-19940"
},
{
"category": "external",
"summary": "JBEAP-19942",
"url": "https://issues.redhat.com/browse/JBEAP-19942"
},
{
"category": "external",
"summary": "JBEAP-19955",
"url": "https://issues.redhat.com/browse/JBEAP-19955"
},
{
"category": "external",
"summary": "JBEAP-19965",
"url": "https://issues.redhat.com/browse/JBEAP-19965"
},
{
"category": "external",
"summary": "JBEAP-20027",
"url": "https://issues.redhat.com/browse/JBEAP-20027"
},
{
"category": "external",
"summary": "JBEAP-20037",
"url": "https://issues.redhat.com/browse/JBEAP-20037"
},
{
"category": "external",
"summary": "JBEAP-20064",
"url": "https://issues.redhat.com/browse/JBEAP-20064"
},
{
"category": "external",
"summary": "JBEAP-20087",
"url": "https://issues.redhat.com/browse/JBEAP-20087"
},
{
"category": "external",
"summary": "JBEAP-20112",
"url": "https://issues.redhat.com/browse/JBEAP-20112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4245.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 8",
"tracking": {
"current_release_date": "2024-11-15T06:16:42+00:00",
"generator": {
"date": "2024-11-15T06:16:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:4245",
"initial_release_date": "2020-10-13T16:50:02+00:00",
"revision_history": [
{
"date": "2020-10-13T16:50:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-10-13T16:50:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T06:16:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.3 for BaseOS-8",
"product": {
"name": "Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"product_id": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-25.SP12_redhat_00013.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"product": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"product_id": "eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-25.SP12_redhat_00013.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-8.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"product_id": "eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketbox-infinispan@5.0.3-8.Final_redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana@5.9.9-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-compensations@5.9.9-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-jbosstxbridge@5.9.9-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-jbossxts@5.9.9-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-jts-idlj@5.9.9-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-jts-integration@5.9.9-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-restat-api@5.9.9-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-restat-bridge@5.9.9-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-restat-integration@5.9.9-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-restat-util@5.9.9-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana-txframework@5.9.9-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.8-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.8-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-5.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.9.0-5.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.9.0-5.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.9.0-5.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.9.0-5.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.9.0-5.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.9.0-5.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.9.0-5.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.9.0-5.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.9.0-5.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.9.0-5.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.9.0-5.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.9.0-5.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.9.0-5.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.9.0-5.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.9.0-5.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-2.SP03_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.3.7-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.3.7-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.3.7-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.3.7-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-invocation@1.5.3-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-codec@1.14.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP12_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-httpcomponents-client@4.5.12-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-httpcomponents-core@4.4.13-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.7-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.7-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-snakeyaml@1.26.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-velocity@2.2.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-velocity-engine-core@2.2.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.13-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ws-commons-XmlSchema@2.2.5-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle@1.65.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.65.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.65.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.65.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.0.2-1.redhat_00001.1.el8eap?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups@4.1.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.10-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.9-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.31-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-lang@3.10.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.3-4.GA_redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.3-4.GA_redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.3-4.GA_redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-2.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src",
"product": {
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src",
"product_id": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-25.SP12_redhat_00013.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src",
"product": {
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src",
"product_id": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-8.Final_redhat_00007.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-narayana@5.9.9-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.8-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src",
"product_id": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-5.redhat_00011.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src",
"product_id": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-2.SP03_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.3.7-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-invocation@1.5.3-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-codec@1.14.0-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.9-11.SP12_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.18-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-httpcomponents-client@4.5.12-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-httpcomponents-core@4.4.13-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.7-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-snakeyaml@1.26.0-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-velocity@2.2.0-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.13-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ws-commons-XmlSchema@2.2.5-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle@1.65.0-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.0.2-1.redhat_00001.1.el8eap?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.17-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups@4.1.10-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.10-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.9-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.31-1.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-lang@3.10.0-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.3-4.GA_redhat_00004.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src",
"product": {
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src",
"product_id": "eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-3.redhat_1.el8eap?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-2.Final_redhat_00002.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64",
"product": {
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64",
"product_id": "eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-3.redhat_1.el8eap?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64",
"product": {
"name": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64",
"product_id": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.0.2-3.redhat_1.el8eap?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src"
},
"product_reference": "eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64"
},
"product_reference": "eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64"
},
"product_reference": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src"
},
"product_reference": "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src"
},
"product_reference": "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch"
},
"product_reference": "eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-1954",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1824301"
}
],
"notes": [
{
"category": "description",
"text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: JMX integration is vulnerable to a MITM attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1954"
},
{
"category": "external",
"summary": "RHBZ#1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-13T16:50:02+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4245"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cxf: JMX integration is vulnerable to a MITM attack"
},
{
"acknowledgments": [
{
"names": [
"Darran Lofthouse"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-14299",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2020-05-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1848533"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "picketbox: JBoss EAP reload to admin-only mode allows authentication bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14299"
},
{
"category": "external",
"summary": "RHBZ#1848533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14299",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14299"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14299"
}
],
"release_date": "2020-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-13T16:50:02+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4245"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "picketbox: JBoss EAP reload to admin-only mode allows authentication bypass"
},
{
"cve": "CVE-2020-14338",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1860054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly\u0027s implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the \"use-grammar-pool-only\" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14338"
},
{
"category": "external",
"summary": "RHBZ#1860054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14338",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14338"
}
],
"release_date": "2020-08-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-13T16:50:02+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4245"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl"
},
{
"acknowledgments": [
{
"names": [
"Masafumi Miura"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-14340",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1860218"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14340"
},
{
"category": "external",
"summary": "RHBZ#1860218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14340",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14340"
}
],
"release_date": "2020-07-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-13T16:50:02+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4245"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-cli-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-commons-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-core-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-dto-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jdbc-store-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-client-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-jms-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-journal-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-activemq-artemis-ra-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-selector-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-server-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-service-extensions-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-activemq-artemis-tools-0:2.9.0-5.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-apache-cxf-rt-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-services-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-apache-cxf-tools-0:3.3.7-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.src",
"8Base-JBEAP-7.3:eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-bouncycastle-mail-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-pkix-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-bouncycastle-prov-0:1.65.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-hibernate-core-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-envers-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-hibernate-java8-0:5.3.18-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jberet-core-0:1.3.7-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-2.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-narayana-compensations-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbosstxbridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jbossxts-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-idlj-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-jts-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-api-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-bridge-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-integration-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-restat-util-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-narayana-txframework-0:5.9.9-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketbox-infinispan-0:5.0.3-8.Final_redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-picketlink-wildfly8-0:2.5.5-25.SP12_redhat_00013.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-velocity-engine-core-0:2.2.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.8-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-modules-0:7.3.3-4.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS"
}
]
}
rhsa-2020_4961
Vulnerability from csaf_redhat
Published
2020-11-05 18:48
Modified
2024-11-15 08:39
Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.9.0 security update
Notes
Topic
An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* batik: SSRF via "xlink:href" (CVE-2019-17566)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* ant: insecure temporary file vulnerability (CVE-2020-1945)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)
* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)
* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* batik: SSRF via \"xlink:href\" (CVE-2019-17566)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)\n\n* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4961",
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhpam\u0026version=7.9.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhpam\u0026version=7.9.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/"
},
{
"category": "external",
"summary": "1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "1837444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
},
{
"category": "external",
"summary": "1848617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848617"
},
{
"category": "external",
"summary": "1851014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014"
},
{
"category": "external",
"summary": "1851019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019"
},
{
"category": "external",
"summary": "1851022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4961.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.9.0 security update",
"tracking": {
"current_release_date": "2024-11-15T08:39:18+00:00",
"generator": {
"date": "2024-11-15T08:39:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:4961",
"initial_release_date": "2020-11-05T18:48:33+00:00",
"revision_history": [
{
"date": "2020-11-05T18:48:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-05T18:48:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T08:39:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHPAM 7.9.0",
"product": {
"name": "RHPAM 7.9.0",
"product_id": "RHPAM 7.9.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Process Automation Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Guillaume Smet"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2019-14900",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2019-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1666499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate: SQL injection issue in Hibernate ORM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "RHBZ#1666499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
}
],
"release_date": "2020-05-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"RHPAM 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate: SQL injection issue in Hibernate ORM"
},
{
"cve": "CVE-2019-17566",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2020-06-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1848617"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack (SSRF) via \"xlink:href\" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: SSRF via \"xlink:href\"",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-17566"
},
{
"category": "external",
"summary": "RHBZ#1848617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-17566",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17566"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566"
}
],
"release_date": "2020-06-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: SSRF via \"xlink:href\""
},
{
"cve": "CVE-2020-1748",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1748"
},
{
"category": "external",
"summary": "RHBZ#1807707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
},
{
"cve": "CVE-2020-1945",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2020-05-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1837444"
}
],
"notes": [
{
"category": "description",
"text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ant: insecure temporary file vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1945"
},
{
"category": "external",
"summary": "RHBZ#1837444",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945"
}
],
"release_date": "2020-05-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
},
{
"category": "workaround",
"details": "For versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7, set the java.io.tmpdir system property to a private directory-- only readable and writable by the current user-- before running Ant.\n\nFor versions 1.9.15 and 1.10.8, use the Ant property ant.tmpfile instead. Ant 1.10.8 protects the temporary files if the underlying filesystem allows it, but using a private temporary directory is still recommended.",
"product_ids": [
"RHPAM 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ant: insecure temporary file vulnerability"
},
{
"cve": "CVE-2020-1954",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1824301"
}
],
"notes": [
{
"category": "description",
"text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf: JMX integration is vulnerable to a MITM attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1954"
},
{
"category": "external",
"summary": "RHBZ#1824301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954"
}
],
"release_date": "2020-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cxf: JMX integration is vulnerable to a MITM attack"
},
{
"cve": "CVE-2020-2875",
"discovery_date": "2020-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands in MySQL Connectors and other products.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-2875"
},
{
"category": "external",
"summary": "RHBZ#1851019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-2875",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2875"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete"
},
{
"cve": "CVE-2020-2933",
"discovery_date": "2020-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection, causing a denial of service of the MySQL Connectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-2933"
},
{
"category": "external",
"summary": "RHBZ#1851022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-2933",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS"
},
{
"cve": "CVE-2020-2934",
"discovery_date": "2020-06-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1851014"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way:\n\n # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n # yum install rh-mariadb103-mariadb-java-client",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-2934"
},
{
"category": "external",
"summary": "RHBZ#1851014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-2934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete"
},
{
"acknowledgments": [
{
"names": [
"Adith Sudhakar"
]
}
],
"cve": "CVE-2020-10683",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1694235"
}
],
"notes": [
{
"category": "description",
"text": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dom4j: XML External Entity vulnerability in default SAX parser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable version of dom4j library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10683"
},
{
"category": "external",
"summary": "RHBZ#1694235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
}
],
"release_date": "2020-04-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dom4j: XML External Entity vulnerability in default SAX parser"
},
{
"acknowledgments": [
{
"names": [
"Alvaro Mu\u00f1oz"
],
"organization": "GitHub Security Labs"
}
],
"cve": "CVE-2020-10693",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1805501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10693"
},
{
"category": "external",
"summary": "RHBZ#1805501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
}
],
"release_date": "2020-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
},
{
"category": "workaround",
"details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
"product_ids": [
"RHPAM 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
},
{
"acknowledgments": [
{
"names": [
"Mark Banierink"
],
"organization": "Nedap"
}
],
"cve": "CVE-2020-10714",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2020-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1825714"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: session fixation when using FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.9.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10714"
},
{
"category": "external",
"summary": "RHBZ#1825714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
}
],
"release_date": "2020-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-05T18:48:33+00:00",
"details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHPAM 7.9.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4961"
},
{
"category": "workaround",
"details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~",
"product_ids": [
"RHPAM 7.9.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.9.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: session fixation when using FORM authentication"
}
]
}
ghsa-ffm7-7r8g-77xm
Vulnerability from github
Published
2022-02-10 22:38
Modified
2023-09-26 10:43
Severity ?
Summary
Apache CXF JMX Integration is vulnerable to a MITM attack
Details
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the createMBServerConnectorFactory property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.cxf:cxf-rt-management"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.cxf:cxf-rt-management"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0"
},
{
"fixed": "3.3.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-1954"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-07T18:12:21Z",
"nvd_published_at": "2020-04-01T21:15:00Z",
"severity": "MODERATE"
},
"details": "Apache CXF has the ability to integrate with JMX by registering an `InstrumentationManager` extension with the CXF bus. If the `createMBServerConnectorFactory` property of the default `InstrumentationManagerImpl` is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
"id": "GHSA-ffm7-7r8g-77xm",
"modified": "2023-09-26T10:43:36Z",
"published": "2022-02-10T22:38:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954"
},
{
"type": "WEB",
"url": "https://github.com/apache/cxf/commit/1cf4fed546904a4a2560f53a2a2391d834b4026c"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220210-0001"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"type": "WEB",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache CXF JMX Integration is vulnerable to a MITM attack"
}
gsd-2020-1954
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-1954",
"description": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
"id": "GSD-2020-1954",
"references": [
"https://access.redhat.com/errata/RHSA-2020:4961",
"https://access.redhat.com/errata/RHSA-2020:4960",
"https://access.redhat.com/errata/RHSA-2020:4931",
"https://access.redhat.com/errata/RHSA-2020:4247",
"https://access.redhat.com/errata/RHSA-2020:4246",
"https://access.redhat.com/errata/RHSA-2020:4245",
"https://access.redhat.com/errata/RHSA-2020:4244",
"https://access.redhat.com/errata/RHSA-2020:3585"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-1954"
],
"details": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
"id": "GSD-2020-1954",
"modified": "2023-12-13T01:21:58.344099Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-1954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache CXF",
"version": {
"version_data": [
{
"version_value": "affects all versions prior to 3.3.6 and 3.2.13"
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2",
"refsource": "MISC",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2"
},
{
"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220210-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220210-0001/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,3.2.13),[3.3.0,3.3.6)",
"affected_versions": "All versions before 3.2.13, all versions starting from 3.3.0 before 3.3.6",
"cvss_v2": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-200",
"CWE-937"
],
"date": "2021-07-21",
"description": "Apache CXF has the ability to integrate with JMX by registering an `InstrumentationManager` extension with the CXF bus. If the `createMBServerConnectorFactory` property of the default `InstrumentationManagerImpl` is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack.",
"fixed_versions": [
"3.2.13",
"3.3.6"
],
"identifier": "CVE-2020-1954",
"identifiers": [
"CVE-2020-1954"
],
"not_impacted": "All versions starting from 3.2.13 before 3.3.0, all versions starting from 3.3.6",
"package_slug": "maven/org.apache.cxf/cxf-core",
"pubdate": "2020-04-01",
"solution": "Upgrade to versions 3.2.13, 3.3.6 or above.",
"title": "Information Exposure",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-1954"
],
"uuid": "5fcd3828-c250-419f-b1cf-cde15007fbc3"
},
{
"affected_range": "(,3.2.13),[3.3.0,3.3.6)",
"affected_versions": "All versions before 3.2.13, all versions starting from 3.3.0 before 3.3.6",
"cvss_v2": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-200",
"CWE-937"
],
"date": "2021-07-21",
"description": "Apache CXF has the ability to integrate with JMX by registering an `InstrumentationManager` extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default `InstrumentationManagerImpl` is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
"fixed_versions": [
"3.2.13",
"3.3.6"
],
"identifier": "CVE-2020-1954",
"identifiers": [
"CVE-2020-1954"
],
"not_impacted": "All versions starting from 3.2.13 before 3.3.0, all versions starting from 3.3.6",
"package_slug": "maven/org.apache.cxf/cxf-rt-management",
"pubdate": "2020-04-01",
"solution": "Upgrade to versions 3.2.13, 3.3.6 or above.",
"title": "Information Exposure",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-1954"
],
"uuid": "6a0dcb68-c768-49aa-9bed-28102c7d966f"
},
{
"affected_range": "(,3.3.6)",
"affected_versions": "All versions before 3.3.6",
"cvss_v2": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-02-11",
"description": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
"fixed_versions": [
"3.3.6"
],
"identifier": "CVE-2020-1954",
"identifiers": [
"GHSA-ffm7-7r8g-77xm",
"CVE-2020-1954"
],
"not_impacted": "All versions starting from 3.3.6",
"package_slug": "maven/org.apache.cxf/cxf",
"pubdate": "2022-02-10",
"solution": "Upgrade to version 3.3.6 or above.",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in Apache CXF",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-1954",
"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E",
"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E",
"https://www.oracle.com/security-alerts/cpuoct2020.html",
"http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2",
"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20220210-0001/",
"https://github.com/advisories/GHSA-ffm7-7r8g-77xm"
],
"uuid": "7b3d4613-c873-437f-9496-7ad561ff8558"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.13",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.6",
"versionStartIncluding": "3.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-1954"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
"refsource": "MLIST",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"
},
{
"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220210-0001/",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0001/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-02-21T02:52Z",
"publishedDate": "2020-04-01T21:15Z"
}
}
}
var-202004-0983
Vulnerability from variot
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. Apache CXF There is an information leakage vulnerability in.Information may be obtained. Apache CXF is an open source Web service framework of the Apache Software Foundation. The framework supports a variety of Web service standards, a variety of front-end programming API and so on.
The References section of this erratum contains a download link (you must log in to download the update).
The JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 8 Advisory ID: RHSA-2020:4245-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:4245 Issue date: 2020-10-13 CVE Names: CVE-2020-1954 CVE-2020-14299 CVE-2020-14338 CVE-2020-14340 ==================================================================== 1. Summary:
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.3 for BaseOS-8 - noarch, x86_64
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299)
-
wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)
-
xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340)
-
cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack 1848533 - CVE-2020-14299 picketbox: JBoss EAP reload to admin-only mode allows authentication bypass 1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl 1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-19379 - GSS Upgrade Hibernate ORM from 5.3.17 to 5.3.18 JBEAP-19444 - Tracker bug for the EAP 7.3.3 release for RHEL-8 JBEAP-19596 - GSS CMTOOL-277 - Migration from EAP 6.4 Update 22 to EAP 7.3 create a misspelled 'Application Realm' JBEAP-19613 - (7.3.z) ELY-1975 - Update AcmeClientSpi#obtainCertificate so that it obtains the order URL from the response to newOrder JBEAP-19615 - (7.3.z) ELY-1968 - Update error message returned by AcmeClientSpi#getLocation JBEAP-19642 - (7.3.z) Upgrade jberet-core from 1.3.5.Final to 1.3.7.Final JBEAP-19695 - GSS Upgrade Apache CXF from 3.3.5 to 3.3.7 JBEAP-19698 - GSS Upgrade Invocation from 1.5.2.Final-redhat-00001 to 1.5.3.Final... JBEAP-19700 - GSS Upgrade Migration Tool from 1.7.1-redhat-00003 to 1.7.2-redhat-00001 JBEAP-19701 - GSS Upgrade jgroups from 4.1.4.Final-redhat-00001 to 4.1.10.Final-redhat-00001 JBEAP-19715 - GSS Upgrade Artemis Native to 1.0.2 JBEAP-19746 - GSS Upgrade JBoss Log Manager from 2.1.15 to 2.1.17 JBEAP-19789 - GSS Upgrade Narayana from 5.9.8.Final to 5.9.9.Final JBEAP-19791 - GSS Upgrade HAL from 3.2.9.Final-redhat-00001 to 3.2.10.Final-redhat-00001 JBEAP-19795 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP11-redhat-00001 to 2.3.9.SP12-redhat-00001 JBEAP-19796 - GSS Upgrade Artemis from 2.9.0.redhat-00010 to 2.9.0.redhat-00011 JBEAP-19822 - (7.3.z) Upgrade MP fault-tolerance to 2.1.1 JBEAP-19888 - (7.3.z) Upgrade SmallRye OpenAPI to 1.1.23 JBEAP-19934 - (7.3.z) Upgrade bouncycastle to 1.65 JBEAP-19935 - (7.3.z) Upgrade commons-codec to 1.14 JBEAP-19936 - (7.3.z) Upgrade commons-lang3 from 3.9 to 3.10 JBEAP-19937 - (7.3.z) Upgrade snakeyaml to 1.26 JBEAP-19938 - (7.3.z) Upgrade velocity to 2.2 JBEAP-19939 - (7.3.z) Upgrade httpcomponents httpclient from 4.5.4 to 4.5.12 JBEAP-19940 - (7.3.z) Upgrade httpcomponents httpcore from 4.4.5 to 4.4.13 JBEAP-19942 - (7.3.z) Upgrade XNIO from 3.7.8.SP1 to 3.7.9.Final JBEAP-19955 - (7.3.z) Update xmlschema to 2.2.5 JBEAP-19965 - (7.3.z) Fix PreservePathTestCase after httpclient upgrade JBEAP-20027 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00012 to 2.5.5.SP12-redhat-00013 JBEAP-20037 - GSS Upgrade wildfly-transaction-client from 1.1.11.Final-redhat-00001 to 1.1.13.Final-redhat-00001 JBEAP-20064 - (7.3.z) Update PR template to include PR-processor hints for wildfly-core-eap JBEAP-20087 - GSS WFLY-13147 - Deployment slowdown after WFLY upgrade (DeploymentArchive handling) JBEAP-20112 - (7.3.z) Upgrade smallrye-fault-tolerance to 4.2.1
- Package List:
Red Hat JBoss EAP 7.3 for BaseOS-8:
Source: eap7-activemq-artemis-2.9.0-5.redhat_00011.1.el8eap.src.rpm eap7-activemq-artemis-native-1.0.2-1.redhat_00001.1.el8eap.src.rpm eap7-apache-commons-codec-1.14.0-1.redhat_00001.1.el8eap.src.rpm eap7-apache-commons-lang-3.10.0-1.redhat_00001.1.el8eap.src.rpm eap7-apache-cxf-3.3.7-1.redhat_00001.1.el8eap.src.rpm eap7-artemis-native-1.0.2-3.redhat_1.el8eap.src.rpm eap7-bouncycastle-1.65.0-1.redhat_00001.1.el8eap.src.rpm eap7-glassfish-jsf-2.3.9-11.SP12_redhat_00001.1.el8eap.src.rpm eap7-hal-console-3.2.10-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.18-1.Final_redhat_00001.1.el8eap.src.rpm eap7-httpcomponents-client-4.5.12-1.redhat_00001.1.el8eap.src.rpm eap7-httpcomponents-core-4.4.13-1.redhat_00001.1.el8eap.src.rpm eap7-jberet-1.3.7-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-invocation-1.5.3-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-logmanager-2.1.17-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.7.2-2.Final_redhat_00002.1.el8eap.src.rpm eap7-jboss-xnio-base-3.7.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jgroups-4.1.10-1.Final_redhat_00001.1.el8eap.src.rpm eap7-narayana-5.9.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-picketbox-5.0.3-8.Final_redhat_00007.1.el8eap.src.rpm eap7-picketlink-bindings-2.5.5-25.SP12_redhat_00013.1.el8eap.src.rpm eap7-snakeyaml-1.26.0-1.redhat_00001.1.el8eap.src.rpm eap7-undertow-2.0.31-1.SP1_redhat_00001.1.el8eap.src.rpm eap7-velocity-2.2.0-1.redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.3.3-4.GA_redhat_00004.1.el8eap.src.rpm eap7-wildfly-elytron-1.10.8-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-transaction-client-1.1.13-1.Final_redhat_00001.1.el8eap.src.rpm eap7-ws-commons-XmlSchema-2.2.5-1.redhat_00001.1.el8eap.src.rpm eap7-xerces-j2-2.12.0-2.SP03_redhat_00001.1.el8eap.src.rpm
noarch: eap7-activemq-artemis-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-native-1.0.2-1.redhat_00001.1.el8eap.noarch.rpm eap7-activemq-artemis-ra-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-tools-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-apache-commons-codec-1.14.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-commons-lang-3.10.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-rt-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-services-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-tools-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-mail-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-pkix-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-prov-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-glassfish-jsf-2.3.9-11.SP12_redhat_00001.1.el8eap.noarch.rpm eap7-hal-console-3.2.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-httpcomponents-client-4.5.12-1.redhat_00001.1.el8eap.noarch.rpm eap7-httpcomponents-core-4.4.13-1.redhat_00001.1.el8eap.noarch.rpm eap7-jberet-1.3.7-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jberet-core-1.3.7-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-invocation-1.5.3-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-logmanager-2.1.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.7.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jgroups-4.1.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-compensations-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbosstxbridge-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbossxts-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-idlj-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-integration-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-api-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-bridge-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-integration-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-util-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-txframework-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-picketbox-5.0.3-8.Final_redhat_00007.1.el8eap.noarch.rpm eap7-picketbox-infinispan-5.0.3-8.Final_redhat_00007.1.el8eap.noarch.rpm eap7-picketlink-bindings-2.5.5-25.SP12_redhat_00013.1.el8eap.noarch.rpm eap7-picketlink-wildfly8-2.5.5-25.SP12_redhat_00013.1.el8eap.noarch.rpm eap7-snakeyaml-1.26.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-undertow-2.0.31-1.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-velocity-2.2.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-velocity-engine-core-2.2.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.10.8-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.8-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm eap7-wildfly-modules-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm eap7-wildfly-transaction-client-1.1.13-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ws-commons-XmlSchema-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm eap7-xerces-j2-2.12.0-2.SP03_redhat_00001.1.el8eap.noarch.rpm
x86_64: eap7-artemis-native-1.0.2-3.redhat_1.el8eap.x86_64.rpm eap7-artemis-native-wildfly-1.0.2-3.redhat_1.el8eap.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-1954 https://access.redhat.com/security/cve/CVE-2020-14299 https://access.redhat.com/security/cve/CVE-2020-14338 https://access.redhat.com/security/cve/CVE-2020-14340 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX4XdnNzjgjWX9erEAQiXuw//R4g+s6n+rk7hCp48kUecgr/5ci5EP6UM 7BsPN7sPZcLyYiZZsP+/6hHbB/dkfUyL8zJMQBQHHcwjhFkI9diYjraI2/K2BTo8 Fb/JEJoCmDs88/LUUpMebq7SSulBWhtfKYwCCOGy6pCpRAka99nzFXGr1y4H1ozJ berY8tq9PVJLJyuKGyoK+06fENIV2b/Oir68lSGrTMJVQeqb9TclI1pRIZ/8iZNh OQOnXk85y81YrQTlynAlBnlMCtSNEFMBUi5b25Q30ZNxMaegYyezvlgs790hLZQA UUfjAdFsk341kK0uop93y9MnDT1qUiYNG1rJ5DBB0jzyq7zQk2GxwBYg3mhItMhi FBZ6oeePwEEq4Bxpd1vERDQQW+zCpd0jLJ4nvU1wFIQZK7eSBk6Lz4ws2XUHmuru yXCcJZWqkXzQwhYMSq3y1fVcTAl6HcWxoBuX1TU9AmZWKcUlHN9Lo6BF4fMEhXH/ UrQNC+mOnCAjJrD1sGyPlozMnZnu96fVMURTDdz4J9aN1JU1t0fb2MgD3X3VZWto ducjlQPeNTI1+elmaBxAS8A7a+UaN63QgjeCQfzjEky89Jvfv/Ra6i5R5x8LrrQf zMn1XyxOAefzehiV8SR801W8dE7D7RlF5y/TH0ciA/CIzUSNAbb4tDlGcSDPig+a PGc+57G5XO4=OgA5 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Summary:
This is a security update for JBoss EAP Continuous Delivery 20. Description:
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.
Security Fix(es):
-
hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
-
batik: SSRF via "xlink:href" (CVE-2019-17566)
-
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
-
ant: insecure temporary file vulnerability (CVE-2020-1945)
-
dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
-
hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
-
wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
-
cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
-
mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)
-
mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)
-
mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1848617 - CVE-2019-17566 batik: SSRF via "xlink:href" 1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851022 - CVE-2020-2933 mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS
- Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0983",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.1.0"
},
{
"model": "communications diameter signaling router idih\\:",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "cxf",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "3.3.0"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "cxf",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "3.2.13"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "cxf",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "3.3.6"
},
{
"model": "snapmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications diameter signaling router idih\\:",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "cxf",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "ops center common services",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(\u6d77\u5916\u8ca9\u58f2\u306e\u307f)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.6",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.13",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159539"
},
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "159540"
},
{
"db": "PACKETSTORM",
"id": "159538"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "159921"
},
{
"db": "PACKETSTORM",
"id": "159899"
}
],
"trust": 0.7
},
"cve": "CVE-2020-1954",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003650",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-172928",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2020-1954",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "LOW",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003650",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-1954",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-003650",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULHUB",
"id": "VHN-172928",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2020-1954",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-172928"
},
{
"db": "VULMON",
"id": "CVE-2020-1954"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. Apache CXF There is an information leakage vulnerability in.Information may be obtained. Apache CXF is an open source Web service framework of the Apache Software Foundation. The framework supports a variety of Web service standards, a variety of front-end programming API and so on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 8\nAdvisory ID: RHSA-2020:4245-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4245\nIssue date: 2020-10-13\nCVE Names: CVE-2020-1954 CVE-2020-14299 CVE-2020-14338\n CVE-2020-14340\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.3 for RHEL 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.3 for BaseOS-8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.3 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* picketbox: JBoss EAP reload to admin-only mode allows authentication\nbypass (CVE-2020-14299)\n\n* wildfly: XML validation manipulation due to incomplete application of\nuse-grammar-pool-only in xercesImpl (CVE-2020-14338)\n\n* xnio: file descriptor leak caused by growing amounts of NIO Selector file\nhandles may lead to DoS (CVE-2020-14340)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack\n1848533 - CVE-2020-14299 picketbox: JBoss EAP reload to admin-only mode allows authentication bypass\n1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl\n1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-19379 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.17 to 5.3.18\nJBEAP-19444 - Tracker bug for the EAP 7.3.3 release for RHEL-8\nJBEAP-19596 - [GSS](7.3.z) CMTOOL-277 - Migration from EAP 6.4 Update 22 to EAP 7.3 create a misspelled \u0027Application Realm\u0027\nJBEAP-19613 - (7.3.z) ELY-1975 - Update AcmeClientSpi#obtainCertificate so that it obtains the order URL from the response to newOrder\nJBEAP-19615 - (7.3.z) ELY-1968 - Update error message returned by AcmeClientSpi#getLocation\nJBEAP-19642 - (7.3.z) Upgrade jberet-core from 1.3.5.Final to 1.3.7.Final\nJBEAP-19695 - [GSS](7.3.z) Upgrade Apache CXF from 3.3.5 to 3.3.7\nJBEAP-19698 - [GSS](7.3.z) Upgrade Invocation from 1.5.2.Final-redhat-00001 to 1.5.3.Final... \nJBEAP-19700 - [GSS](7.3.z) Upgrade Migration Tool from 1.7.1-redhat-00003 to 1.7.2-redhat-00001\nJBEAP-19701 - [GSS](7.3.z) Upgrade jgroups from 4.1.4.Final-redhat-00001 to 4.1.10.Final-redhat-00001\nJBEAP-19715 - [GSS](7.3.z) Upgrade Artemis Native to 1.0.2\nJBEAP-19746 - [GSS](7.3.z) Upgrade JBoss Log Manager from 2.1.15 to 2.1.17\nJBEAP-19789 - [GSS](7.3.z) Upgrade Narayana from 5.9.8.Final to 5.9.9.Final\nJBEAP-19791 - [GSS](7.3.z) Upgrade HAL from 3.2.9.Final-redhat-00001 to 3.2.10.Final-redhat-00001\nJBEAP-19795 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP11-redhat-00001 to 2.3.9.SP12-redhat-00001\nJBEAP-19796 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00010 to 2.9.0.redhat-00011\nJBEAP-19822 - (7.3.z) Upgrade MP fault-tolerance to 2.1.1\nJBEAP-19888 - (7.3.z) Upgrade SmallRye OpenAPI to 1.1.23\nJBEAP-19934 - (7.3.z) Upgrade bouncycastle to 1.65\nJBEAP-19935 - (7.3.z) Upgrade commons-codec to 1.14\nJBEAP-19936 - (7.3.z) Upgrade commons-lang3 from 3.9 to 3.10\nJBEAP-19937 - (7.3.z) Upgrade snakeyaml to 1.26\nJBEAP-19938 - (7.3.z) Upgrade velocity to 2.2\nJBEAP-19939 - (7.3.z) Upgrade httpcomponents httpclient from 4.5.4 to 4.5.12\nJBEAP-19940 - (7.3.z) Upgrade httpcomponents httpcore from 4.4.5 to 4.4.13\nJBEAP-19942 - (7.3.z) Upgrade XNIO from 3.7.8.SP1 to 3.7.9.Final\nJBEAP-19955 - (7.3.z) Update xmlschema to 2.2.5\nJBEAP-19965 - (7.3.z) Fix PreservePathTestCase after httpclient upgrade\nJBEAP-20027 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00012 to 2.5.5.SP12-redhat-00013\nJBEAP-20037 - [GSS](7.3.z) Upgrade wildfly-transaction-client from 1.1.11.Final-redhat-00001 to 1.1.13.Final-redhat-00001\nJBEAP-20064 - (7.3.z) Update PR template to include PR-processor hints for wildfly-core-eap\nJBEAP-20087 - [GSS](7.3.z) WFLY-13147 - Deployment slowdown after WFLY upgrade (DeploymentArchive handling)\nJBEAP-20112 - (7.3.z) Upgrade smallrye-fault-tolerance to 4.2.1\n\n7. Package List:\n\nRed Hat JBoss EAP 7.3 for BaseOS-8:\n\nSource:\neap7-activemq-artemis-2.9.0-5.redhat_00011.1.el8eap.src.rpm\neap7-activemq-artemis-native-1.0.2-1.redhat_00001.1.el8eap.src.rpm\neap7-apache-commons-codec-1.14.0-1.redhat_00001.1.el8eap.src.rpm\neap7-apache-commons-lang-3.10.0-1.redhat_00001.1.el8eap.src.rpm\neap7-apache-cxf-3.3.7-1.redhat_00001.1.el8eap.src.rpm\neap7-artemis-native-1.0.2-3.redhat_1.el8eap.src.rpm\neap7-bouncycastle-1.65.0-1.redhat_00001.1.el8eap.src.rpm\neap7-glassfish-jsf-2.3.9-11.SP12_redhat_00001.1.el8eap.src.rpm\neap7-hal-console-3.2.10-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-hibernate-5.3.18-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-httpcomponents-client-4.5.12-1.redhat_00001.1.el8eap.src.rpm\neap7-httpcomponents-core-4.4.13-1.redhat_00001.1.el8eap.src.rpm\neap7-jberet-1.3.7-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-invocation-1.5.3-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-logmanager-2.1.17-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-server-migration-1.7.2-2.Final_redhat_00002.1.el8eap.src.rpm\neap7-jboss-xnio-base-3.7.9-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jgroups-4.1.10-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-narayana-5.9.9-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-picketbox-5.0.3-8.Final_redhat_00007.1.el8eap.src.rpm\neap7-picketlink-bindings-2.5.5-25.SP12_redhat_00013.1.el8eap.src.rpm\neap7-snakeyaml-1.26.0-1.redhat_00001.1.el8eap.src.rpm\neap7-undertow-2.0.31-1.SP1_redhat_00001.1.el8eap.src.rpm\neap7-velocity-2.2.0-1.redhat_00001.1.el8eap.src.rpm\neap7-wildfly-7.3.3-4.GA_redhat_00004.1.el8eap.src.rpm\neap7-wildfly-elytron-1.10.8-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-transaction-client-1.1.13-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-ws-commons-XmlSchema-2.2.5-1.redhat_00001.1.el8eap.src.rpm\neap7-xerces-j2-2.12.0-2.SP03_redhat_00001.1.el8eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-cli-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-commons-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-core-client-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-dto-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-journal-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-native-1.0.2-1.redhat_00001.1.el8eap.noarch.rpm\neap7-activemq-artemis-ra-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-selector-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-server-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-tools-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-apache-commons-codec-1.14.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-apache-commons-lang-3.10.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-apache-cxf-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm\neap7-apache-cxf-rt-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm\neap7-apache-cxf-services-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm\neap7-apache-cxf-tools-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm\neap7-bouncycastle-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-bouncycastle-mail-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-bouncycastle-pkix-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-bouncycastle-prov-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-glassfish-jsf-2.3.9-11.SP12_redhat_00001.1.el8eap.noarch.rpm\neap7-hal-console-3.2.10-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-core-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-envers-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-java8-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-httpcomponents-client-4.5.12-1.redhat_00001.1.el8eap.noarch.rpm\neap7-httpcomponents-core-4.4.13-1.redhat_00001.1.el8eap.noarch.rpm\neap7-jberet-1.3.7-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jberet-core-1.3.7-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-invocation-1.5.3-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-logmanager-2.1.17-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-server-migration-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-cli-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-core-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.3-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly14.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly15.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly16.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly17.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly18.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-xnio-base-3.7.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jgroups-4.1.10-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-compensations-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jbosstxbridge-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jbossxts-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jts-idlj-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jts-integration-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-api-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-bridge-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-integration-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-util-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-txframework-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-picketbox-5.0.3-8.Final_redhat_00007.1.el8eap.noarch.rpm\neap7-picketbox-infinispan-5.0.3-8.Final_redhat_00007.1.el8eap.noarch.rpm\neap7-picketlink-bindings-2.5.5-25.SP12_redhat_00013.1.el8eap.noarch.rpm\neap7-picketlink-wildfly8-2.5.5-25.SP12_redhat_00013.1.el8eap.noarch.rpm\neap7-snakeyaml-1.26.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-undertow-2.0.31-1.SP1_redhat_00001.1.el8eap.noarch.rpm\neap7-velocity-2.2.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-velocity-engine-core-2.2.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm\neap7-wildfly-elytron-1.10.8-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-elytron-tool-1.10.8-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-javadocs-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm\neap7-wildfly-modules-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm\neap7-wildfly-transaction-client-1.1.13-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ws-commons-XmlSchema-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm\neap7-xerces-j2-2.12.0-2.SP03_redhat_00001.1.el8eap.noarch.rpm\n\nx86_64:\neap7-artemis-native-1.0.2-3.redhat_1.el8eap.x86_64.rpm\neap7-artemis-native-wildfly-1.0.2-3.redhat_1.el8eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1954\nhttps://access.redhat.com/security/cve/CVE-2020-14299\nhttps://access.redhat.com/security/cve/CVE-2020-14338\nhttps://access.redhat.com/security/cve/CVE-2020-14340\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX4XdnNzjgjWX9erEAQiXuw//R4g+s6n+rk7hCp48kUecgr/5ci5EP6UM\n7BsPN7sPZcLyYiZZsP+/6hHbB/dkfUyL8zJMQBQHHcwjhFkI9diYjraI2/K2BTo8\nFb/JEJoCmDs88/LUUpMebq7SSulBWhtfKYwCCOGy6pCpRAka99nzFXGr1y4H1ozJ\nberY8tq9PVJLJyuKGyoK+06fENIV2b/Oir68lSGrTMJVQeqb9TclI1pRIZ/8iZNh\nOQOnXk85y81YrQTlynAlBnlMCtSNEFMBUi5b25Q30ZNxMaegYyezvlgs790hLZQA\nUUfjAdFsk341kK0uop93y9MnDT1qUiYNG1rJ5DBB0jzyq7zQk2GxwBYg3mhItMhi\nFBZ6oeePwEEq4Bxpd1vERDQQW+zCpd0jLJ4nvU1wFIQZK7eSBk6Lz4ws2XUHmuru\nyXCcJZWqkXzQwhYMSq3y1fVcTAl6HcWxoBuX1TU9AmZWKcUlHN9Lo6BF4fMEhXH/\nUrQNC+mOnCAjJrD1sGyPlozMnZnu96fVMURTDdz4J9aN1JU1t0fb2MgD3X3VZWto\nducjlQPeNTI1+elmaBxAS8A7a+UaN63QgjeCQfzjEky89Jvfv/Ra6i5R5x8LrrQf\nzMn1XyxOAefzehiV8SR801W8dE7D7RlF5y/TH0ciA/CIzUSNAbb4tDlGcSDPig+a\nPGc+57G5XO4=OgA5\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 20. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nSecurity Fix(es):\n\n* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* batik: SSRF via \"xlink:href\" (CVE-2019-17566)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when\nusing alternative protection domain (CVE-2020-1748)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* dom4j: XML External Entity vulnerability in default SAX parser\n(CVE-2020-10683)\n\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication\n(CVE-2020-10714)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\n* mysql-connector-java: allows unauthenticated attacker with network access\nvia multiple protocols to compromise MySQL Connectors which could result in\nunauthorized update, insert or delete (CVE-2020-2875)\n\n* mysql-connector-java: allows high privileged attacker with network access\nvia multiple protocols to compromise MySQL Connectors which could result in\nunauthorized partial DoS (CVE-2020-2933)\n\n* mysql-connector-java: allows unauthenticated attacker with network access\nvia multiple protocols to compromise MySQL Connectors which could result in\nunauthorized update, insert or delete (CVE-2020-2934)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM\n1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability\n1848617 - CVE-2019-17566 batik: SSRF via \"xlink:href\"\n1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete\n1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete\n1851022 - CVE-2020-2933 mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS\n\n5. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1954"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"db": "VULHUB",
"id": "VHN-172928"
},
{
"db": "VULMON",
"id": "CVE-2020-1954"
},
{
"db": "PACKETSTORM",
"id": "159539"
},
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "159540"
},
{
"db": "PACKETSTORM",
"id": "159538"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "159921"
},
{
"db": "PACKETSTORM",
"id": "159899"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-1954",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003650",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159540",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159015",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159539",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159921",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159899",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159924",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159538",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159541",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-29873",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202004-049",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-172928",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-1954",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-172928"
},
{
"db": "VULMON",
"id": "CVE-2020-1954"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"db": "PACKETSTORM",
"id": "159539"
},
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "159540"
},
{
"db": "PACKETSTORM",
"id": "159538"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "159921"
},
{
"db": "PACKETSTORM",
"id": "159899"
},
{
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"id": "VAR-202004-0983",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-172928"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:25:59.004000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2020-1954: Apache CXF JMX Integration is vulnerable to a MITM attack",
"trust": 0.8,
"url": "http://cxf.apache.org/security-advisories.data/cve-2020-1954.txt.asc?version=1\u0026modificationdate=1585730169000\u0026api=v2"
},
{
"title": "hitachi-sec-2020-125",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-125/index.html"
},
{
"title": "hitachi-sec-2020-125",
"trust": 0.8,
"url": "https://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2020-125/index.html"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204244 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204247 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204246 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 8",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204245 - security advisory"
},
{
"title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 20 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203585 - security advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-125"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-1954"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-172928"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1954"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20220210-0001/"
},
{
"trust": 1.1,
"url": "http://cxf.apache.org/security-advisories.data/cve-2020-1954.txt.asc?version=1\u0026modificationdate=1585730169000\u0026api=v2"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1954"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-1954"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14299"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14299"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14338"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14338"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14340"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14340"
},
{
"trust": 0.3,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10683"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14900"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:4244"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-2875"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2934"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-2933"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17566"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1945"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17566"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1945"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2875"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-2934"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2933"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10693"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1748"
},
{
"trust": 0.1,
"url": "http://cxf.apache.org/security-advisories.data/cve-2020-1954.txt.asc?version=1\u0026amp;modificationdate=1585730169000\u0026amp;api=v2"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3ccommits.cxf.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3ccommits.cxf.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3ccommits.cxf.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4961"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.9.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4247"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4245"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3585"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xeap-cd\u0026version"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10740"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14371"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14371"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.9.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4960"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4931"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=securitypatches\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14389"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-172928"
},
{
"db": "VULMON",
"id": "CVE-2020-1954"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"db": "PACKETSTORM",
"id": "159539"
},
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "159540"
},
{
"db": "PACKETSTORM",
"id": "159538"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "159921"
},
{
"db": "PACKETSTORM",
"id": "159899"
},
{
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-172928"
},
{
"db": "VULMON",
"id": "CVE-2020-1954"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"db": "PACKETSTORM",
"id": "159539"
},
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "159540"
},
{
"db": "PACKETSTORM",
"id": "159538"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "159921"
},
{
"db": "PACKETSTORM",
"id": "159899"
},
{
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-172928"
},
{
"date": "2020-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1954"
},
{
"date": "2020-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"date": "2020-10-13T20:24:30",
"db": "PACKETSTORM",
"id": "159539"
},
{
"date": "2020-11-06T15:18:46",
"db": "PACKETSTORM",
"id": "159924"
},
{
"date": "2020-10-13T20:24:41",
"db": "PACKETSTORM",
"id": "159540"
},
{
"date": "2020-10-13T20:24:21",
"db": "PACKETSTORM",
"id": "159538"
},
{
"date": "2020-08-31T16:22:15",
"db": "PACKETSTORM",
"id": "159015"
},
{
"date": "2020-11-06T15:06:03",
"db": "PACKETSTORM",
"id": "159921"
},
{
"date": "2020-11-05T16:59:52",
"db": "PACKETSTORM",
"id": "159899"
},
{
"date": "2020-04-01T21:15:14.597000",
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-172928"
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1954"
},
{
"date": "2020-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"date": "2023-11-07T03:19:38.010000",
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "159921"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache CXF Vulnerability regarding information leakage in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sql injection",
"sources": [
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "159921"
}
],
"trust": 0.3
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.